Windows 10 users are haunted by security vulnerabilities. Earlier this week, it was discovered that connecting a Razer mouse to a Windows 10 PC could easily allow a user to gain administrator rights on that PC. Now a similar story is happening with SteelSeries peripherals.
Inspired by a discovery earlier this week, security researcher Lawrence Amer tried to find a similar vulnerability in SteelSeries peripherals on Windows 10. When a SteelSeries keyboard is connected, Windows tries to install the SteelSeries GG application, which is used to control some features of SteelSeries peripherals, such as RGB- backlight. As with Razer, this installer is run by a trusted SYSTEM user with administrator rights.
However, unlike Razer’s Synapse software, SteelSeries GG software is initially installed without giving users the option to select a folder to save files. Namely, the choice of the folder was the reason for the exploitation of the first vulnerability. The first installer extracts the additional installation files to the specified location, and then runs the extracted installer as well.
At some point, the second installer, as you would expect, presents the user with a license agreement. This page contains a link to the full agreement on the SteelSeries website. If the user has not yet installed the default browser, Windows 10 will prompt him to select an application to open the link, and if he chooses Internet Explorer, the browser will launch under the SYSTEM user, just like the installer. At this stage, the attacker can only try to save the current web page, for which a File Explorer window opens, in which he needs to select a location to save the file.
Further, the process is the same as in the case of the Razer vulnerability. This File Explorer window allows anyone to easily launch a Command Prompt window with administrator privileges, and users can do whatever they want from there.
Finding these vulnerabilities in Windows 10 seems to be able to “open gateways”. Aside from Razer and SteelSeries peripherals, other brands likely have similar software with similar vulnerabilities in the very ideology.
SteelSeries representatives shared a statement on this issue with Free News. We hope that the problem will be completely resolved in the near future.
“We are aware of the issue identified and have proactively disabled the launch of the SteelSeries installer that is triggered when a new SteelSeries device is plugged in. This immediately removes the opportunity for an exploit and we are working on a software update that will address the issue permanently and be released soon.”
a SteelSeries spokesperson