11/11/2023 0 Comments Gg app steelseries![]() ![]() If you have an urgent matter, please open a help desk ticket! Our inboxes are always full and we most definitely will not be able to get in touch with you right away. All time is donated by the team after regular work hours. They do not work in this subreddit full time. They are marked by an orange SteelSeries flair. Rule 2 - Some of the mods of this sub are SteelSeries representatives. All RMA related tickets will be auto removed by AutoModerator. All support matters will be handled directly through your ticket and our ticket system. If your help ticket was recently resolved and you feel it is not resolved, please create a "follow-up" ticket where we can further discuss your case. Threads relating to support will be closed with discussion continuing in your ticket at the SteelSeries Support Center. All Support related threads must have a customer support ticket either currently open or recently resolved. Rule 1 - This sub is not a dedicated support channel and it is not designed to be such. Sub Categories and Filters AUDIO KEYBOARD MOUSE CONTROLLER MOUSEPAD SOFTWARE Posting Rules National Holidays and are closed for business accordingly. We hope you enjoy your stay and find this sub to be a friendly and helpful community. Prior to posting any help related concerns, please be sure that you have an open ticket, through SteelSeries Support, with our customer support team. Stay awhile and listen! Please review the quick links and rules we have listed below. There's likely to be other software that can be exploited in similar ways to grant local privilege escalation, and we'll likely hear similar stories come out in the near future.STEELSERIES SHOP OPEN A SUPPORT TICKET VIEW OUR FAQ STEELSERIES ENGINE DOWNLOAD TECH BLOG Winning is Everything Aside from Razer and SteelSeries peripherals, other brands likely have similar software with vulnerabilities like this on Windows 10. This was demonstrated by Twitter user an0n, who had also done the same for the Razer vulnerability.With these vulnerabilities discovered in Windows 10, it seems like this could open the floodgates. Additionally, just like the Razer vulnerability, this doesn't require a real SteelSeries device, as that information can be spoofed with an Android phone to trick Windows into downloading the SteelSeries software. Even if SteelSeries fixes the issue here, the current dangerous file can be saved and distributed to carry out the attack in the future. The second installer, extracted by the first one, will always run under the SYSTEM user. This File Explorer window allows anyone to easily launch a command prompt window with administrator permissions, and users can perform any action they want from there.Not only that, but this vulnerability can't exactly be patched. At this point, all the attacker needs to do is try to save the current webpage, which opens a File Explorer window to choose a location to save the file.įrom there, the process is the same as with the Razer vulnerability. If the user hasn't set a default browser yet, Windows 10 will prompt them to choose an app to open the link in, and if they choose Internet Explorer, the browser launches under the SYSTEM user just like the installer. This page includes a link to the full agreement on SteelSeries' website. The first installer extracts more installation files into a set location, and then the extracted installer is run, too.At one point, the second installer presents the user with a license agreement, as you'd expect. Similar to Razer, this installer is run by the trusted SYSTEM user, which has administrator permissions.Unlike Razer's Synapse software, though, installation of the SteelSeries GG software initially takes place without giving users the chance to choose a folder to save the files, which was where the first vulnerability was exploited. Upon plugging in a SteelSeries keyboard, Windows tries to install the SteelSeries GG app, which is used for managing certain features in SteelSeries peripherals, like RGB lighting. Inspired by the discovery earlier this week, security researcher Lawrence Amer, tried to look for a similar vulnerability with SteelSeries peripherals on Windows 10. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |