novirus Posted March 11

c/p

exploit this vulnerability was to plug in a Razer mouse, or the dongle it uses, and then shift-right from the Explorer window opened by Windows Update to choose a driver location and open a PowerShell with complete SYSTEM, or admin if you prefer, rights. And it got worse as an attacker would also be able to use the hack and save a service binary that could be "hijacked for persistence" and executed before the user even logs on during the boot process.

Look for Windows 10 update to plug in this issue. MS said asap x its installer issue.

ritchie58 Posted March 12

I did some research on this vulnerability and according to Microsoft that was fixed back in November 2021 during Patch Tuesday.

https://www.windowscentral.com/windows-10-bug-lets-people-gain-admin-rights-razer-mice#:~:text=A vulnerability was recently reveal
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41379

I can't find anything regarding any recent similar Razer mouse Win 10 vulnerability issue. If I'm wrong could you add a new thread to this topic with a link or links to verify that? That would be greatly appreciated, novirus!

Regards, Ritchie...

Scats Posted March 12

I think I heard about this hack, but I believe like ritchie said it was patched years ago. This does bring up how important it is to keep systems and programs up to date when possible. By keeping software up to date and patched it can help avoid potential vulnerabilities. The LastPass breach that recently happened was caused by a Plex server not updated and a known vulnerability was how the attack happened and from what I understand it had been fixed with an update that was not done by one of the sys admins.

Part of my profession is to find and address security issues with networks and systems and I've lost count of the times I find updates not done. Even simple things like network printers or IoT devices can have an update to fix these that are so often not done. I strongly urge everyone to take a moment to look at your network and devices and check for updates often. I also find very often a 3rd party AV that is expired and ignored. This is one benefit of Immunet, that it won't expire or turn off real time protection since it's free and community based.

Stay safe all...

ritchie58 Posted March 12

You're so right there Scats! It is vitally important to keep not only your OS but even any peripherals you or your server environment uses updated with the newest security patches! Even the developers of 3rd party software programs do issue builds to patch discovered security vulnerabilities. I'm hoping the devs will do just that for the ClamAV buffer overflow vulnerability. "I'd love to see that transpire real soon!" For that reason it is a good idea to keep all your software programs up to date with the newest builds to weigh on the side of caution if anything.

Best wishes, Ritchie...

Robert G. Posted March 12

I too believe Ritchie is correct. That Razer vulnerability was originally reported back in 2021 if my memory serves me correctly.