But how does this vulnerability grant administrative rights? And is SteelSeries doing anything to fix the bug?
How Does the SteelSeries Bug Work?
Lawrence Amer, a security researcher who recently discovered the Razer bug, also unearthed the SteelSeries vulnerability while playing with a SteelSeries keyboard which granted him administrative rights using the Command Prompt in Windows 10.
According to Amer, this bug can be leveraged during the initial device setup process using a link in the License Agreement screen that is opened with SYSTEM privileges.
This vulnerability is not limited to any one device but can be applied to all SteelSeries peripherals including mice, keyboards, headsets, and so on.
In fact, you don’t even need an actual device to exploit the vulnerability as you can simply emulate a SteelSeries device that lets you launch the installation process without ever plugging in any hardware.
Has SteelSeries Fixed the Bug?
So how can you protect yourself from this? The company has issued a statement regarding a fix:
In a nutshell, SteelSeries has fixed the exploit for the time being. Amer, however, is not too convinced and claims that one could still save the vulnerable signed executable file in the temporary folder which can then be played when plugging in a SteelSeries device or its emulation.
Do Not Share or Leave Your Device Unattended
With bugs like SteelSeries and Razer in the equation now, anyone with physical access to your Windows 10 device can potentially take full administrative control. Leaving devices unattended in public or sharing them with random people can also put you at risk of other vicious threats like phishing, malware injections, and Evil Maid attacks.
Never leave your device unattended and accessible to strangers because device security is just as important as software security.
