SteelSeries bug gives administrator privileges in Windows 10

The official software for installing SteelSeries devices on Windows 10 can be exploited to gain administrative privileges.


Exploitation is possible during device setup, using a link on the License Agreement screen that opens with privileges. A SteelSeries device is not required to exploit the bug.

The discovery comes after it was announced at the weekend that Razer Synapse software could be used to gain elevated privileges when connecting a Razer mouse or keyboard.

While playing with a recently acquired SteelSeries keyboard, researcher Lawrence Amer (head of the research team at 0xsp) discovered a privilege escalation vulnerability that allowed him to run the command line in Windows 10 with administrator privileges.

But SteelSeries software is not just for keyboards (Apex 7 / Pro). It also installs and allows the configuration of the manufacturer's mice (Rival 650/600/710) and headphones (Arctis 9, Pro). It even lets users control the RGB backlight on the QCK Prism gaming keyboard.

A SteelSeries device is not required for this attack to work. Researcher István Tóth published an open-source script that can mimic human interface devices (HID) on an Android phone, specifically for local privilege escalation (LPE).


Although it is an experimental version, the script can be used successfully on both Razer and SteelSeries devices.

iGuRu.gr The Best Technology Site in Greece


Written by Anastasis Vasileiadis
