Windows 10 users can’t keep up with security threats. Earlier this week, it was discovered that plugging Razor Perry Ferrell into a Windows 10 PC could easily give the user admin rights on that PC. Now, a very similar story has happened through the steel series Perry Ferrell. Blipping computer.).
Inspired by the discovery earlier this week, security researchers Lawrence Amir, Tried to find a similar weakness with the Steel Series Perry Ferrell on Windows 10. After plugging in the Steel Series keyboard, Windows tries to install the Steel Series GG app, which is used to manage certain features in the Steel Series Peripherals, such as RGB Lighting. Like Razor, this installer is run by a trusted system user, who has administrator permissions.
Unlike Razer’s Synapse software, however, Steel Series GG software is initially installed without giving users the opportunity to select folders to save files, where the first vulnerability was exploited. The first installer removes most of the installation files to a specific location, and then the extracted installer is also run.
On one occasion, another installer offers the user a license agreement, as you would expect. This page includes a link to the full deal on the Steel Series website. If the user has not yet set the default browser, Windows 10 will prompt them to select an app to open the link, and if they choose Internet Explorer, the system would launch under the user like a browser installer Is. At this point, all attackers need to try to save the existing web page, which opens the File Explorer window to select a location to save the file to.
– Lawrence (ux zux0x3a) August 23, 2021.
From there, the process is the same as with razor weakness. This file explorer window allows anyone to easily launch the command prompt window with administrator permission, and users can take any action they want from there.
Not only this, with the help of fire you can do welding. The second installer, removed by the first one, will always run under the system user. Even if the Steel series solves the problem here, the current dangerous file can be saved and distributed for future attack. Furthermore, like the weakness of the razor, it does not require a real Steel Series device, as this information can be tricked into Android phones so that Windows can be tricked into downloading Steel Series software. ۔ Demonstrated by him. Twitter user an0n., Which did the same for the weakness of the razor.
With these vulnerabilities discovered in Windows 10, it looks like it could open the floodgates. With the exception of Razer and SteelSeries peripherals, other brands are likely to have similar software on Windows 10. In the near future.