A flaw in the Razer software installer allows users to get administrative privileges on Windows 10 or Windows 11 by connecting Razer hardware and clicking through to a Powershell, the installer will be fixed by Razer.
According to security researcher John Hat, the remedy should be implemented "as soon as possible." He spotted the bug and, after receiving no reaction, he decided to make his discoveries public by posting them on Twitter and making a video last weekend. Razer intends to do something with his report now that it has been brought to the attention of the public.
In a video, Hat demonstrated how the vulnerability works. When you connect a Razer mouse or keyboard to a Windows 10 or 11 computer, Windows will immediately download and install a driver for the hardware from Windows Update, and then launch an installer for the associated Razer software. This provides the option of installing the software in a folder of one's choosing. Afterwards, it is possible to start Powershell from that folder, in which case Powershell is granted the permissions of the folder from which it was launched. It is possible to do anything with those administrative privileges from that point on. Physical access to a computer, as well as the ability to plug in or emulate Razer gear, are required for the hack to work. As a result, the scope on which this can be exploited is limited as a result.
Check the exploit video here.