Interesting Privilege Escalation Vulnerability
If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software—which automatically downloads—to gain SYSTEM privileges.
It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer devices and physical access to a computer. With that said, the bug is so easy to exploit as you just need to spend $20 on Amazon for Razer mouse and plug it into Windows 10 to become an admin.
Hedo • August 26, 2021 9:57 AM
No need for a mouse. You can stop right there at “physical access”.
A lot of free tools floating around (various “Commanders”, etc.).