SteelSeries Software Flaw Gives Windows 10 Admin Rights

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

A security researcher discovered that the official application for installing SteelSeries devices on Windows 10 can be abused to acquire administrator privileges.
The vulnerability can be exploited during the device setup process by clicking a link in the License Agreement page, which is loaded with SYSTEM privileges. A genuine SteelSeries device is not required to exploit the problem.
Possible to Emulate a Gadget?

The finding came after last week's disclosure that the Razer Synapse software may be exploited to gain permissions when pairing a Razer mouse or keyboard.
Driven by Jonhat's study, security researcher Lawrence Amer (research team leader at 0xsp) discovered that the same may be accomplished with the SteelSeries device installation software.
Amer discovered a link in the License Agreement page that gets opened with SYSTEM rights during the device setup process, giving complete admin privileges on a Windows 10 computer. He accessed the URL in Internet Explorer; it was then just a matter of using Internet Explorer to save the web page and launching an elevated Command Prompt from the right-click menu of the "Save As" box.
One can then move around the PC with elevated privileges and perform whatever an admin can do. This is applicable for all SteelSeries peripherals, including mouse, key

[…]