Privilege escalation zero-day vulnerability actively exploited in Razer Synapse

Hello everyone,


A zero-day vulnerability in Razer Synapse, tracked as CWE-264 (Permissions, Privileges, and Access Controls), is being actively exploited in the wild. This is a privilege escalation vulnerability that allows a local attacker to gain administrative privileges on Windows 10 or Windows 11.


Vulnerability description:

The vulnerability exists because the application does not properly impose security restrictions in Windows 10 after a Razer mouse or keyboard is plugged in, which leads to a bypass of security restrictions and privilege escalation.


Patch status:

Currently, a patch for this vulnerability is unavailable, but a public exploit for the vulnerability exists, and reports suggest that it is being actively exploited in the wild.

You can find the details of this vulnerability listed under the 'Zero-day Vulnerabilities' tab in Vulnerability Manager Plus.


Cheers,

The ManageEngine Team 
