Blog

Cyberattackers use bugs in Razer Synapse

Dan Liles

IT
23/09/2021

Cyberattackers use bugs in popular computer peripheral, Razers, to gain Windows 10 system privileges.

Cyberattackers are using zero-day vulnerabilities in the popular Razer Synapse software to gain system privileges by simply plugging in a Razer mouse or keyboard to a computer. A zero-day vulnerability is an issue that was discovered by attackers before the software vendor has become aware of it.

Razer manufacture high end peripherals (such as keyboards and mice), optimized for specific uses. This makes them very popular among PC enthusiasts and gamers. The Synapse software, affected by the bug, is used to customise Razer hardware devices, such as set up keyboard shortcuts or program dedicated buttons.

Upon plugging in a Razer device to the Windows 10 or 11 operating system the plug-and-play installer will automatically begin to download the Razer Synapse software onto the computer.

Security researcher Jonhat discovered the bug in the plug-and-play Razer Synapse installation that allows users to gain system privileges of the computer very quickly.

System privileges are the highest user rights available, which means that any user account with these rights can execute (run) any command on the computer. Cyberattackers strive to have these rights as it will allow them to install whatever malicious software, they like without windows being able to block it. This malicious software (malware) could allow the Cyberattackers to access, modify or delete sensitive business information such as, emails or any other file stored or accessed on the computer.

Exploits like this are relatively uncommon, however unpredictable and could be discovered by a Cyberattacker at any time. Therefore, it is important to keep up to date with the security status of software installed on your business computers. We recommend not installing software you aren’t certain you need and to make sure to always keep it up to date, so patches like this are not accessible on your system.

Follow Cyber Wise on Twitter @cyber-wise and visit our website to see what we could do to help make your business safer online.

Cyber Wise

Latest articles
COVID-19

Coronavirus Live Support

We've created this live blog to update you with useful and relevant insights into the latest developments surrounding the COVID-19 pandemic.

+
White Paper

Accelerate your growth

Take the next step on your business growth journey. Remove barriers and put plans in place to monitor success.

+

Podcast

Play to your strengths

In this episode with Twelve Scholars, Nigel discusses being proactive and how to play to your strengths.

+

Awards