
Recently, a security researcher discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly.

When a Razer mouse is plugged into the system, Windows 10 downloads the suitable software and starts the driver installation process. Since the process wrapper of this software is running with SYSTEM privileges, an attacker could abuse the installation path to launch a command prompt with the same permissions.

There is more?

After that disclosure, I tried to conduct a test against another gaming keyboard, "SteelSeries", which I had recently bought. I started to play a little bit with it and was able to find another privilege escalation vulnerability. I tried to contact them but wasn't able to find any channel for reporting their product's security issue.

To get insightful process information, the best way is to use the Sysinternals tools such as Procmon, or you can use the portable version of Process Hacker.

Process investigation walkthrough

After plugging in the keyboard, Windows 10 started the installation process and then immediately popped up the software installer, as shown in the figure below.

What we have to understand from the installation process is that the software will first download another setup file, "SteelSeriesGG6.2.0Setup.exe", and place the whole content into the C:\windows\temp folder, which means that the user cannot select a folder to save to.

Using Procmon, I applied some query filters to inspect whether the application was loading any possibly missing DLL/EXE from user folders that normal users have access to, but with no successful result.
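Detection logic for the Razer-style behaviour described above, where an installer running as SYSTEM ends up launching a command prompt for the logged-on user. This is an added example, not code from the original post: the record layout borrows Sysmon Event ID 1 field names, and `ExampleSetup.exe`, the helper names and the sample records are constructed assumptions.

```python
import ntpath

# Interactive shells an installer has no reason to hand to a logged-on user.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Assumption: the installer payload is staged here, as the page describes.
STAGING_DIRS = ("c:\\windows\\temp\\",)


def is_suspicious(event):
    """True for a SYSTEM shell started by a staged installer in a desktop session."""
    image = ntpath.basename(event["Image"]).lower()
    # normpath collapses "..", so a path that only passes through Temp is not matched.
    parent = ntpath.normpath(event["ParentImage"]).lower()
    return (
        image in SHELLS
        and event["IntegrityLevel"] == "System"
        # Session 0 belongs to services; any other id is a user's desktop session.
        and int(event["TerminalSessionId"]) != 0
        and parent.startswith(STAGING_DIRS)
    )


def triage(events):
    """Return (parent, child) image pairs that need an analyst's attention."""
    return [(e["ParentImage"], e["Image"]) for e in events if is_suspicious(e)]


def ev(parent, image, integrity, session):
    """Build a record with the Sysmon Event ID 1 field names used above."""
    return {"ParentImage": parent, "Image": image,
            "IntegrityLevel": integrity, "TerminalSessionId": session}


# Constructed sample records, not real telemetry. ExampleSetup.exe is a placeholder.
CMD = r"C:\Windows\System32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ev(r"C:\Windows\Temp\ExampleSetup.exe", CMD, "System", "1"),
    ev(r"C:\Windows\Temp\ExampleSetup.exe", r"C:\Windows\System32\msiexec.exe", "System", "1"),
    ev(r"C:\Windows\explorer.exe", CMD, "Medium", "1"),
    ev(r"C:\Windows\Temp\ExampleSetup.exe", CMD, "System", "0"),
    ev(r"C:\WINDOWS\TEMP\sub\ExampleSetup.exe", PS, "System", "2"),
    ev(r"C:\Windows\Temp\..\System32\svchost.exe", CMD, "System", "1"),
]

if __name__ == "__main__":
    for parent, child in triage(SAMPLE_EVENTS):
        print(f"ALERT: {child} started as SYSTEM by {parent}")
```

The rule keys on the parent's location and the child's integrity level instead of a vendor file name, so it covers any installer staged in the same folder.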

