Cyberattackers are using zero-day vulnerabilities in the popular Razer Synapse software to gain system privileges by simply plugging in a Razer mouse or keyboard to a computer. A zero-day vulnerability is an issue that was discovered by attackers before the software vendor has become aware of it.

Razer manufacture high end peripherals (such as keyboards and mice), optimized for specific uses. This makes them very popular among PC enthusiasts and gamers. The Synapse software, affected by the bug, is used to customise Razer hardware devices, such as set up keyboard shortcuts or program dedicated buttons.

Upon plugging in a Razer device to the Windows 10 or 11 operating system the plug-and-play installer will automatically begin to download the Razer Synapse software onto the computer.

Security researcher jonhat discovered the bug in the plug-and-play Razer Synapse installation that allows users to gain system privileges of the computer very quickly.

System privileges are the highest user rights available, which means that any user account with these rights can execute (run) any command on the computer. Cyberattackers strive to have these rights as it will allow them to install whatever malicious software they like without windows being able to block it. This malicious software (malware) could allow the Cyberattackers to access, modify or delete sensitive business information such as emails or any other file stored or accessed on the computer.

Exploits like this are relatively uncommon and could be discovered by a Cyberattacker at any time. Therefore, it is important to keep up to date with the security status of software installed on your business computers. We recommend not installing software you aren’t certain you need and to make sure to always keep it up to date, so patches like this are not accessible on your system.

Follow Cyber Wise on Twitter @cyber-wise and visit our website to see what we could do to help make your business safer online.

Subscribe today to receive our latest updates!

Subscribe

Get in Touch Today!

Thank you for your message. It has been sent.
There was an error trying to send your message. Please try again later.

Related Posts

If you enjoyed reading this, please explore our other articles below:

Technology is no longer a tool; it is the lifeblood...
Read More
Imagine your IT infrastructure as a castle. The typical defences...
Read More
In the lightning-fast pace of today’s business landscape, organisational survival...
Read More
In Europe, the walled garden of Apple’s App Store is...
Read More
back to all posts