A security bug has been discovered within Razer Synapse, Razer's peripheral companion software. The bug allows a user to obtain admin privileges without authentication. Fortunately, Razer is working on a fix.
The bug was found and reported by security researcher jonhat (via Bleeping Computer), who showed and explained how to gain admin privileges by exploiting the Razer Synapse bug. Considering that over 100 million PCs use Synapse, as per Razer's numbers, fixing this issue should be a priority.
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
— jonhat (@j0nh4t) August 21, 2021
To exploit this bug, you'll have to plug a Razer device and let Windows Update download and execute the driver. When it asks you to select the driver's installation directory, click on the “Install Location”, opening the Windows Explorer. There, press shift+right-click and choose “Open PowerShell Window Here”. Once you hit open, you'll have admin privileges.
After finding the bug, the security researcher got in contact with Razer. The company stated that their security team has started to work on a fix that will be deployed ASAP. Moreover, despite disclosing the bug publicly, the researcher received a bug bounty reward for its discovery.
KitGuru says: Razer is working on a fix, so we should have an update for Razer Synapse within the next few days.