Is this a Razer issue? To me it feels like Windows should be fixing this, like, how is the fault of a manufacturer that you plug a peripheral and it causes a vulnerability in your OS?
Well, yes, but being a massive vulnerability is how Windows works and what they have to keep backwards compatibility with.
We’ll have to see tons of pipelines and hospitals shut down before Microsoft would even consider changing that.I don’t understand the details but looks like Razer has some agency over this:
Over the weekend, security researcher Jon Hat posted on Twitter that after plugging in a Razer mouse or dongle, Windows Update will download the Razer installer executable and run it with SYSTEM privileges. It also lets you access the Windows file explorer and Powershell with “elevated” privileges — which essentially means someone with physical access to the computer could install harmful software.
I’m sure this can be fixed from their side and that maybe they should program it in a way that does not ask for sudo privileges, but the OS should realize this and stop it before hand or after it completed its necessary sudo functions. If it can’t work without them, then sure, that’s their fault, but it seems weird to me blaming the manufacturer for it.
