A recently discovered vulnerability could grant threat actors administrator privileges on Windows 10 systems through a Razer mouse used as an entry point and using PowerShell code. A hacker demonstrated that the exploitation process is relatively simple and a successful attack would allow arbitrary commands to be executed on the target system.
Microsoft is preparing its infrastructure for the release of Windows 11, the latest version of the popular operating system; however, the vast majority of users have not had access to sample versions of this release. It may be that due to the considerable efforts that the company is putting into this project its security has been affected, allowing the appearance of implausible security errors like this.
According to tweets from an anonymous hacker identified as “j0nh4t”, Razer mouse plugins are installed with configuration software that can be run as a SYSTEM user, which would allow users to access many more resources than necessary for hardware installation.
The leak has shown that this vulnerability can be something that goes unnoticed or generate severe problems for affected users. In this regard, the cybersecurity community points out that the attack is quite easy and even those users unfamiliar with hacking topics could exploit it.
An attack could be dangerous, as it could be done in just a few minutes and would allow the compromised system to be severely compromised. The attack could go completely unnoticed, especially since Razer devices can be plugged in and run anywhere as long as the USB port is used. The hacker mentions that Razer is already working on a method to address the flaw, as it is considered a high security risk.
It is practically a fact that the vulnerability will not affect the Windows 11 system. However, it has been confirmed that Windows 10 will continue to be supported at least until 2025, so the flaw will need to be addressed.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.