Razer Patches Two Security Vulnerabilities

Subject: General Tech | August 5, 2017 - 11:20 PM |
Tagged: razer

Back in July, a security research group, SecureState, published two vulnerabilities after privately disclosing them to Razer back in March and April. The first vulnerability could lead to a blue-screen of death for the affected machine, although it would need to be triggered by another applications running on the machine. Forcing a blue-screen could be intimidating, but there would be plenty of other things that a malicious application could do if it was able to do that.

View Full Size

The second issue was more concerning, though. This one allowed, again, another application running on the machine to gain NT_AUTHORITY\SYSTEM privileges. For instance, a user could think that they’re installing a mod for a game, and their computer is completely owned. At the time, Razer did not publish an update, so the company recommended uninstalling Razer Synapse.

Now, as of August 1st, according to Tom’s Hardware, Razer has pushed the update. If you uninstalled Razer Synapse, it’s once again safe. You know, as safe as any other device driver.


August 6, 2017 | 09:25 AM - Posted by doofus (not verified)

Tom's is incorrect - the latest version of Synapse is Razer_Synapse_Framework_V2.20.15.1104 - that was available back in May.

Why anyone continues to buy hardware that requires a cloud account to use the drivers escapes me.

August 6, 2017 | 12:32 PM - Posted by Scott Michaud

Oh really? I use Logitech so I can't confirm.

August 6, 2017 | 03:01 PM - Posted by doofus (not verified)

Correction - the version from the default synapse download page is old. A newer version (V2.20.17.413) can be downloaded from this support page:

http://drivers.razersupport.com/index.php?_m=downloads&_a=view&parentcat...

After installing that, the updater will prompt you to install V2.21 (which doesn't seem available via direct download). That in turn has a brief note about a fixed vulnerability.

Did I mention that you have to be logged into windows as an administrator in order for the drivers "stay logged in" checkbox to apply? If you're using a standard (more secure) account, you have to login to the drivers every single time.

TL;DR - Razer are idiots.

August 7, 2017 | 07:22 AM - Posted by AllUpInYoBinezzFerDaBucks (not verified)

With each new cloud based reqirement folks lose a little bit more of their privacy. And to have to stay logged in with with your anmin account to the drivers after you install them with all that root access/admin access. And it's all so Razer can Roomba up you personal metrics for sale to any marketing folks intrested. WTF having to log into your drivers with your admin account even after the drivers are installed so your drivers can remain logged in.

That's Windows 10 and its cloud types of requirements, and now even more of the same from the device's OEM, and GPU maker. Why do any drivers need administrative access after they have been installed for any reason other than some nefarious reason. Better start checking the firmware in those Razor PCs/Laptops they are starting to get that Lenovo smell.

So now you don't have to worry about Spyware getting on your gaming PC/Laptop as that spyware comes factory installed from the OEM, OS and GPU makers. And with M$/OEMs spyware comes standard, as long as it's the spyware that M$/OEM/GPU divice makers control. Spyware! oh don't you worry about that, it's a feature!

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.