Razer mice could let strangers take over your Windows 10 PC

razer deathadder
(Image credit: Razer)

UPDATE, 8/23: A Razer spokesperson got in touch with Tom's Guide to issue the following statement:

"We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process. 

"We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly. The use of our software (including the installation application) does not provide unauthorized third-party access to the machine. 

"We are committed to ensuring the digital safety and security of all our systems and services, and should you come across any potential lapses, we encourage you to report them through our bug bounty service, Inspectiv: https://app.inspectiv.com/#/sign-up."

ORIGINAL: Razer makes some excellent gaming mice, from the versatile Razer DeathAdder V2, to the diminutive Razer Orochi V2. But while the peripherals themselves are beyond reproach, the software could leave a big hole in your PC’s defenses. A security researcher recently discovered that he could trick the Razer Synapse software into thinking he had full admin access in Windows 10, and the trick is easy to replicate. The bad news is that there’s no fix yet, but the good news is that the risk for most users seems minimal.

Information comes from Windows enthusiast site MSPoweruser, reporting on a Twitter thread from security researcher “jonhat.” In a short video, jonhat demonstrates an escalation-of-privilege flaw inherent to Razer mice. If exploited, this flaw lets a malefactor access any Windows 10 PC as an administrator, rather than a limited user. Once that happens, they could steal files or install malware.

Before we get into the specifics of how the vulnerability works, there are two important pieces of information to keep in mind. First and foremost, Razer does not yet have a patch for this flaw. The company patches its Synapse software frequently, so expect an update soon. Until then, however, it’s up to users to protect their own machines.

That brings us to the second point: the flaw is relatively impractical to exploit in everyday circumstances. To gain admin access via a Razer mouse, a malefactor needs physical access to a PC. That means a stranger would need to be in your home or your workplace, unsupervised, and have a Razer mouse or dongle handy. This could admittedly happen in a shared workplace, but it would take a lot of effort and coordination to pull off.

In any case, here’s how the flaw works: First, a malefactor plugs a Razer mouse into a Windows 10 PC. Assuming that Synapse isn’t already installed, the mouse will run an EXE called “RazerInstaller.” The vulnerability lies in the fact that RazerInstaller runs as SYSTEM rather than an individual user account.

As such, a user can pick a location to install Synapse. Once Windows Explorer is open, they can then run Powershell and use the Command Prompt to do, well, almost anything. A savvy Command Prompt user can copy files, install software, or just flat-out wipe a PC.

Technically speaking, you don’t even need a Razer mouse to replicate this flaw. Simply creating a USB drive that mimics a Razer mouse would suffice. As long as the RazerInstaller EXE runs from the USB drive, the rest of the vulnerability is relatively easy to exploit.

Luckily, Razer Synapse updates automatically by default, so once Razer puts out a patch, most users should get it without any extra effort. Microsoft can also remove the faulty driver from Windows Update, and replace it with a newer one when available. In the meantime, however, make sure you keep your PC — and your Razer mice — to yourself.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Read more
MacBook Pro 16-inch 2021 sitting on a patio table
Critical macOS flaw puts your data and cameras at risk — update right now
A laptop displaying the Chrome logo
Don't click this — malicious ads impersonating Google Chrome spreading dangerous malware
Find My iPhone
Apple Find My hack turns any Bluetooth device into a secret AirTag — what we know
A magnifying glass on top of the Steam logo in a web browser
Valve recommends a full PC reset after malware-infected game discovered on Steam
and image of the Google Chrome logo on a laptop
Popular Chrome extensions hijacked by hackers in widespread cyberattack — 3.2 million at risk
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
Latest in Windows Operating Systems
Microsoft Office is finally as it should have been on iPad
Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Windows 10 logo
Windows 10 end of life set for this year — everything you need to know to get ready
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A Windows 11 laptop, demonstrating how to run Android apps on Windows 11
How to remove the Windows 11 news and weather widget
Man typing on Windows 11 laptop
Microsoft confirms major Windows 11 and Windows 10 audio bug is cutting sound on PCs
Latest in News
iPhone 16
Hoping for a new iPhone 16 color? Here's why that's looking unlikely
iOS Photos app
iOS 18.4 Photos update makes it easier to sort, hide and delete your photos on iPhone — here’s what you can do
Dyson Purifier Cool (TP11) in office
Dyson just launched its new high-tech air purifier — right in time for allergy season
Nvidia RTX 5090
RTX 5060 breaks cover in Acer gaming PC — is Nvidia’s next GPU launch imminent?
Samsung Galaxy Tab S10 FE renders
Samsung's Galaxy Tab S10 FE crushes its predecessor with 40% speed boost in leaked benchmark
The camera assembly on the Google Pixel 9
The latest Google Pixel update is breaking fingerprint scanners — but there may be a fix
  • BEAUFORD_SAVAGE
    "but only if they can be there in-person"
    Then don't let anyone in a hoody use your computer. On TV all hackers wear hoody's with the hood up.
    Or change mouse.
    Reply