Almost every manufacturer now ships companion software for its gaming peripherals. A few days ago, a flaw in Razer’s program showed that such software is not always secure. Now the SteelSeries software is also affected by a security vulnerability that allows attackers to gain system privileges.
Security hole in SteelSeries software
The SteelSeries GG or SteelSeries Engine software is used with all current and older peripherals from the Danish manufacturer. It has now become known that this software, too, has a critical security vulnerability. Twitter user zux0x3a, among others, has drawn attention to it.
Under certain circumstances, an attacker could exploit a vulnerability to gain system privileges and thus completely compromise a Windows computer. The problem: The download of the software starts automatically after connecting SteelSeries peripherals. Since there is now even a generator for creating virtual HID devices, a potential attacker would not even need to connect a mouse or keyboard to exploit the vulnerability.
The vulnerability in the SteelSeries software is in the installer step that shows the license agreement. Clicking the link to the agreement opens Internet Explorer with system privileges. This could allow a local user with limited privileges to gain admin rights and cause damage to the computer.
In the meantime, however, SteelSeries has reacted to the security problem and disabled the automatic start of the software installation when such devices are plugged in. A software update that eliminates the security vulnerability is also already in the works.
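Detection logic for the installer behaviour described above, added here as an example and not taken from SteelSeries or the researcher: it flags a browser created as SYSTEM in an interactive session and every process later created beneath it. It covers other browsers besides Internet Explorer; the Sysmon-style field names are an assumption about the log source, and all sample events, file names and accounts are constructed.

```python
import ntpath

# Assumption: records use Sysmon Event ID 1 (process creation) field names.
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

def ev(guid, parent, user, session, image):
    return {"ProcessGuid": guid, "ParentProcessGuid": parent, "User": user,
            "TerminalSessionId": session, "Image": image}

# Constructed sample events in chronological order; GUIDs, account and file
# names are placeholders, not real indicators.
EVENTS = [
    ev("g1", "g0", SYSTEM_USER, 1, r"C:\Windows\Temp\ExampleVendorSetup.exe"),
    ev("g2", "g1", SYSTEM_USER, 1, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    ev("g3", "g2", SYSTEM_USER, 1, r"C:\Windows\Temp\example_child.exe"),
    ev("g4", "g9", r"DESKTOP\alice", 1, r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

def find_system_browsers(events):
    """Flag browsers created as SYSTEM in an interactive session, plus every
    process later created beneath them (by default they inherit the token)."""
    tainted = set()          # ProcessGuids of flagged processes
    alerts = []
    for e in events:
        name = ntpath.basename(e["Image"]).lower()
        as_system = e["User"].upper() == SYSTEM_USER
        interactive = e["TerminalSessionId"] != 0   # session 0 has no user desktop
        if as_system and interactive and name in BROWSERS:
            reason = "browser running as SYSTEM in a user session"
        elif e["ParentProcessGuid"] in tainted:
            reason = "descendant of a SYSTEM browser"
        else:
            continue
        tainted.add(e["ProcessGuid"])
        alerts.append({"guid": e["ProcessGuid"], "image": name, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_system_browsers(EVENTS):
        print(alert)
```

The installer itself (g1) is not flagged, because installers legitimately run as SYSTEM; the signal is the browser that appears under it with the same token.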