"I think my proof-of-concept video speaks for itself," j0nh4t says. Where Razer was not as quick to engage, though, was in the initial reporting of the vulnerability by the researcher. "I initially reported this via their security vulnerability reporting form and within the Synapse app as a bug report," j0nh4t says, "I received nothing from these reports." That all changed after the zero-day tweet started going viral.
Security researchers are already exploring more devices to see which are vulnerable (Davey Winder)

Another researcher, Lawrence Amer, writing at 0xsp, has already revealed a similar privilege escalation vulnerability with a SteelSeries gaming keyboard, for example. It would appear that the Danish manufacturer has already responded by making changes to how the installation software works.

Razer responds quickly to the viral hack threat

I spoke to Razer as the initial j0nh4t tweet started going viral on a Sunday, and a spokesperson was quick to engage. "We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version shortly," I was told. However, the spokesperson also said that "the use of our software (including the installation application) does not provide unauthorized third-party access to the machine." This would seem like a semantics stretch to me, as surely that's precisely what this exploit enables.
How many are tons? "We have a list of around 2,500 possible devices," Grover has confirmed and suggests these can be tested using an OMG cable or trusted USB device emulator and penetration testing tool BashBunny. Indeed, Grover says that even when Razer modifies its installer to mitigate the exploit, "it's still fundamentally a Windows issue for allowing it," and so the threat will remain.
I reached out to Microsoft regarding the privilege escalation issue, and a spokesperson told me, "We are aware of recent reports, and we are investigating the issue. While this issue requires physical access to a targeted device, we will take any necessary steps to help protect customers."

The exploit elephant in the Razer hack room

Ah, the physical access elephant in the exploit room. This does, of course, take the criticality of the vulnerability, the ability for an attacker to execute the hack, down a level or three. Even j0nh4t admits as much, telling me, "I honestly thought from an exploit coolness level that this was kind of lame. It is reasonable to assume that if you have physical access, you can get admin privileges in one way or another." However, a friend of Straight Talking Cyber, Mike Grover of OMG cable fame, warns that "the OMG Cable adds the implication that an attacker doesn't need to be physically present." Having found that by spoofing a vulnerable device USB ID, the cable can be used to exploit the flaw, Grover says, "so long as they have a way to let a USB cable slip into the target location," then it's game back on. What's more, Grover has warned that there are "tons of devices" that may be vulnerable and thus lead to the same potential Windows 10 hacking outcome.