Sometimes vulnerabilities happen through coding errors, with strange consequences. That’s happening right now for some Windows users. Computer accessories maker Razer has made it onto the list of companies with strange bugs. But while the others are somewhat funny and harmless, this flaw could have serious consequences.

Here’s the backstory

When you connect a mouse to a computer, you generally expect one of two things to happen. The mouse will either work fully as intended, or it won’t. But you’d never expect your new Razer mouse to give you full access to the computer that it’s connected to. Yet, in a bizarre flaw, that is exactly what is happening with some of the company’s mouse peripherals.

Security researcher Jon Hat identified the flaw when he noticed that Windows Update would download the Razer installer executable whenever he plugged in a Razer mouse or dongle. That isn’t the strange part, as most devices need Windows drivers to work properly. The problem is that the file was run with system-wide privileges. This means that anybody who plugs in a Razer mouse now has elevated access to that computer. With those kinds of access levels, someone could control the entire machine and even install malicious software. So if anyone with nefarious intentions had access to your computer, they could take advantage of the flaw.

Razer has confirmed that the bug exists and is trying to figure out how it happened. “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process,” Razer acknowledged.

What you can do about the flaw

There is no immediate danger of your computer being taken over by a hacker, as the device physically needs to be plugged into your system. So your best move is to keep your computer in sight at all times and, if you walk away, make sure it’s locked down. But it can be dangerous if you have a shared computer in your house and someone plugs a Razer mouse into it. With elevated privileges, someone could delete important data or, worse, install malware on your machine.

As for a remedy, Razer said that it is busy working on a software update that will solve the problem. No timeline has been given for the patch rollout, but it is expected to be in the next few days.
