Privilege escalation zero-day vulnerability actively exploited in Razer Synapse

Privilege escalation zero-day vulnerability actively exploited in Razer Synapse

Hello everyone,


A zero-day vulnerability in Razer Synapse tracked as CWE-264 -  Permissions, Privileges, and Access Controls, is being actively exploited in the wild. This is a privilege escalation vulnerability and allows a local attacker to gain administrative privileges on Windows 10 or Windows 11.


Vulnerability description:

The vulnerability exists because the application does not properly impose security restrictions in Windows 10 after plugging in a Razer mouse or keyboard, which leads to security restrictions bypass and privilege escalation.

‚Äč

Patch status:

Currently, a patch for this vulnerability is unavailable but a public exploit for the vulnerability exists and reports suggest that it is being actively exploited in the wild.


Cheers,

The ManageEngine Team