Inspired by the discovery earlier this week, security researcher Lawrence Amer tried to look for a similar vulnerability with SteelSeries peripherals on Windows 10. Upon plugging in a SteelSeries keyboard, Windows tries to install the SteelSeries GG app, which is used for managing certain features in SteelSeries peripherals, like RGB lighting. Similar to Razer, this installer is run by the trusted SYSTEM user, which has administrator permissions.

Unlike Razer's Synapse software, though, installation of the SteelSeries GG software initially takes place without giving users the chance to choose a folder to save the files, which was where the first vulnerability was exploited. The first installer extracts more installation files into a set location, and then the extracted installer is run, too.

At one point, the second installer presents the user with a license agreement, as you'd expect. This page includes a link to the full agreement on SteelSeries' website. If the user hasn't set a default browser yet, Windows 10 will prompt them to choose an app to open the link in, and if they choose Internet Explorer, the browser launches under the SYSTEM user just like the installer. At this point, all the attacker needs to do is try to save the current webpage, which opens a File Explorer window to choose a location to save the file.

From there, the process is the same as with the Razer vulnerability. This File Explorer window allows anyone to easily launch a command prompt window with administrator permissions, and users can perform any action they want from there.

Not only that, but this vulnerability can't exactly be patched. The second installer, extracted by the first one, will always run under the SYSTEM user. Even if SteelSeries fixes the issue here, the current dangerous file can be saved and distributed to carry out the attack in the future. Additionally, just like the Razer vulnerability, this doesn't require a real SteelSeries device, as that information can be spoofed with an Android phone to trick Windows into downloading the SteelSeries software. This was demonstrated by Twitter user an0n, who had also done the same for the Razer vulnerability.

With these vulnerabilities discovered in Windows 10, it seems like this could open the floodgates. Aside from Razer and SteelSeries peripherals, other brands likely have similar software with vulnerabilities like this on Windows 10. There's likely to be other software that can be exploited in similar ways to grant local privilege escalation, and we'll likely hear similar stories come out in the near future.

To set up your SteelSeries GG supported USB device, please take the following steps:

1) Plug your device into a rear USB 3.0 or 2.0 port. Using the rear ports directly on your motherboard instead of any HUB ports or external hubs will ensure your drivers load correctly, and that the device receives adequate power. If you are on a laptop and notice that your device powers on and off intermittently, change to a port on another side of the laptop. If your product came with a USB wireless transmitter or wireless dongle, please connect the wireless transmitter to your device. The engine will be able to configure your device wirelessly.

2) Make sure you have the latest version of SteelSeries GG installed. The engine is now included in the GG software. If you have the standalone Engine software, it is recommended to upgrade to SteelSeries GG, as the standalone Engine is no longer supported.

Using a Mac device? You may need to enable additional settings.