Disable Plug-N-Play USB Auto-Installers to prevent anyone getting SYSTEM Administrator privileges: Razer Bug highlights serious security loophole

Razer Bug Security Vulnerability Block Windows 10 Registry Editor Hack
Block all auto-installers in Windows 10. Pic credit: Alejandro Mallea/Flickr

The Razer Bug brought into the spotlight the ridiculously easy way to secure Admin-level rights on any Windows 10 PC. There has been a desperate search for a way to block the Local Privilege Escalation (LPE) security vulnerability, and it just ended.

Security researchers recently discovered how easily anyone could gain access to Administrator or SYSTEM privileges on a Windows 10 computer by merely plugging a Razer-branded USB peripheral. Now, a Registry hack is available to block such potential threats.

Razer Bug highlights serious security vulnerabilities that can be easily exploited to gain Administrator rights:

A Twitter user recently discovered and alerted Razer about a security loophole that allowed anyone to merely plug in a Razer mouse, keyboard, or a dongle, to gain SYSTEM privileges. The security researcher published the findings on Twitter, allegedly to gain the company’s attention.

The trick to gain SYSTEM privileges is surprisingly easy. A threat actor merely needs to insert a Razer-branded USB peripheral, and wait for the Razer Synapse software to start installing.

At the point where the software asks for an installation location, merely press Shift and right-click on the dialog, and select ‘Open PowerShell window here.’ As the RazerInstaller.exe executable runs with SYSTEM privileges, the Razer installation program also gains the same privileges. This PowerShell window, by association with the software installer executable, also gains the SYSTEM privileges.

The security researcher has confirmed that Razer approached him and is now working to fix the security loophole. Needless to mention, even Microsoft needs to address the vulnerability. However, until the Windows OS maker blocks the Razer Bug for all other installations and USB peripherals, here is a simple registry hack.

Immediately block all Windows co-driver auto-installations of “support applications”:

It is amply clear that it is the computer peripheral supplier’s application that is the conduit to gain SYSTEM privileges in Windows 10. Simply put, PC users must block any and all co-driver support package installations until Microsoft patches the security vulnerability.

Incidentally, reports indicate researchers have found more devices that may allow local privilege elevation, including SteelSeries devices. In other words, there could be more such notorious installations that could grant Admin rights.

The temporary workaround to block all co-drive support applications from installing needs tinkering with the Registry Editor. Do note that messing with the application can render the Windows OS unusable. Hence proceed with extreme caution.

To block all auto-installers:

  • Open the Registry Editor and navigate to the following Registry Key:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Installer.
  • Under that key, add a DWORD-32 value named DisableCoInstallers and set it to 1.

Reboot the PC for the registry edit to take effect. Now moving ahead, Windows will block co-installers that are associated with any USB Peripherals.

The only drawback to the security measure is that it will block a device’s configuration software from auto-installing. Users will have to manually download any support packages.

Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x