October 4, 2023

The SteelSeries device-installation process on Windows 10 can be abused to acquire administrator privileges. During device setup, a link in the License Agreement page is opened with SYSTEM capabilities, and clicking it is enough to exploit the problem. An authentic SteelSeries device is not required.

The researcher discovered that a link in the License Agreement page is opened with SYSTEM rights during the device setup process, which grants complete admin privileges on a Windows 10 computer. From there it was just a matter of using Internet Explorer to save the web page and launching an elevated Command Prompt from the right-click menu of the “Save As” dialog.

One can then move around the PC with elevated privileges and do anything an administrator can do. This applies to all SteelSeries peripherals, including mice, keyboards, and headsets.

The vulnerability may still be abused even after it has been patched. When a SteelSeries device is plugged in, the vulnerable signed executable is dropped in the temporary folder; an attacker who saves a copy of it can reuse it in a DNS poisoning attack.
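The process chain described above (a setup executable running as SYSTEM, a browser window it opens, and a shell launched from that window) is something a defender can look for in process-creation telemetry, whether the installer was launched by a real device or replayed from a saved copy. The following is an added example, not code from the article or from SteelSeries: it walks Sysmon-style process-creation records and flags any SYSTEM-level shell whose ancestry passes through a browser. The image names in SETUP_IMAGES are assumed placeholders, and the sample events are constructed, not real telemetry.

```python
from dataclasses import dataclass

SYSTEM_SID = "S-1-5-18"  # well-known SID for NT AUTHORITY\SYSTEM
# Assumed (placeholder) installer image names; tune to what your telemetry shows.
SETUP_IMAGES = {"steelseriesgg-setup.exe"}
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}


@dataclass
class ProcEvent:  # the subset of Sysmon Event ID 1 fields used here
    pid: int
    ppid: int
    image: str      # full image path
    user_sid: str   # SID of the account the process runs as


def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def flag_system_shells(events):
    """Map pid -> ancestor image names for every SYSTEM shell whose
    ancestry (within the given events) includes a browser process."""
    by_pid = {e.pid: e for e in events}
    hits = {}
    for e in events:
        if _name(e.image) not in SHELL_IMAGES or e.user_sid != SYSTEM_SID:
            continue
        chain, seen, cur = [], set(), by_pid.get(e.ppid)
        while cur and cur.pid not in seen:  # walk up, guarding against pid reuse loops
            seen.add(cur.pid)
            chain.append(_name(cur.image))
            cur = by_pid.get(cur.ppid)
        if any(n in BROWSER_IMAGES for n in chain):
            hits[e.pid] = chain
    return hits


# Constructed sample events: installer as SYSTEM -> IE as SYSTEM -> cmd as SYSTEM,
# plus an unrelated user-level cmd.exe that must not be flagged.
SAMPLE = [
    ProcEvent(400, 4, r"C:\Windows\System32\services.exe", SYSTEM_SID),
    ProcEvent(1200, 400, r"C:\Users\alice\AppData\Local\Temp\steelseriesgg-setup.exe", SYSTEM_SID),
    ProcEvent(1300, 1200, r"C:\Program Files\Internet Explorer\iexplore.exe", SYSTEM_SID),
    ProcEvent(1400, 1300, r"C:\Windows\System32\cmd.exe", SYSTEM_SID),
    ProcEvent(2000, 900, r"C:\Windows\System32\cmd.exe", "S-1-5-21-1-2-3-1001"),
]

if __name__ == "__main__":
    print(flag_system_shells(SAMPLE))  # {1400: ['iexplore.exe', 'steelseriesgg-setup.exe', 'services.exe']}
```

A hit whose chain also contains one of the SETUP_IMAGES names is the installer flow itself; a browser running as SYSTEM with no installer ancestor is worth investigating on its own.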

The finding came a week after the disclosure that the Razer Synapse software could likewise be exploited to gain elevated permissions when pairing a Razer mouse or keyboard.

