Recently, a security researcher discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to gain SYSTEM privileges on a Windows device quickly. By plugging the Razer mouse into the system, Windows 10 will download the suitable software and start the process of driver installation. Since the process wrapper of this software is running with SYSTEM privileges, the attacker could abuse the installation path to launch a command prompt with the same permission.

After that disclosure, I tried to conduct a test against another gaming keyboard, “SteelSeries”, which I recently bought, and started to play a little bit with it.

Process investigation walkthrough

After plugging in the keyboard, Windows 10 started the installation process and then immediately popped up the software installer, as shown in the figure below, and I was able to find another privilege escalation vulnerability. I tried to contact them but wasn’t able to find any channel to report their product’s security issue.

In order to get insightful process information, the best way is to use Sysinternals tools such as Procmon, or you can use the portable version of Process Hacker.

What has to be understood from the installation process is that the software will first download another setup file, “SteelSeriesGG6.2.0Setup.exe”, and place the whole content into the C:\windows\temp folder, which means that the user cannot select a folder to save to.

By using Procmon, I applied some query filters to inspect whether the application is loading any possible missing DLL/EXE from user folders that normal users have access to, but with no successful result.

#PROCMON FILTER
application name contains SteelSeries
path endswith .exe
result contains NOT

After finishing the downloading process, another setup process starts from the following path, C:\windows\Temp\, with the same SYSTEM level.