The security researcher @ j0nh4t has noticed that the Razer Synapse software includes a day zero vulnerability that allows you to gain privileges in Windows just by plugging in a mouse or keyboard from Razer.
Razer Synapse is a program that allows users to make detailed settings for Razer hardware and, for example, set buttons and macros. The program downloads and starts installing automatically if you connect a Razer mouse or keyboard to a Windows 10 or 11 computer.
According to Razer itself, the program has over 100 million users.
Bleeping Computer reports that @ j0nh4t contacted Razer about the vulnerability, but after receiving no response, he chose to make the existence of the vulnerability public via Twitter instead. Razer has since said it is aware of the vulnerability and will close it. They will also give @ j0nh4t compensation for the discovery even though he made it public.
Also read: How vulnerable is your smart home – and here are the risks
– .