BACKGROUND:
Jonhat on Twitter details the Zero-day admin escalation he found using Razer peripherals on Windows 10. He even includes a video example of the escalation. Excerpt:
Need local admin and have physical access?
– Plug a Razer mouse (or the dongle)
– Windows Update will download and execute RazerInstaller as SYSTEM
– Abuse elevated Explorer to open Powershell with Shift+Right click
<p>Once used, forever vulnerable. All you have to do is plug in a Razer mouse dongle and Windows 10 will automatically download a driver that will elevate privileges to local admin. From there, it’s possible to install malware that can interact with other systems on the network. This is a zero-day vulnerability, in that there is no known fix for it from the vendor. An analytics-driven cybersecurity approach is likely to find this when it occurs through system and network log files and can flag security professionals to investigate the offending computer. Otherwise, it can wreak havoc on the entire network.</p>