CVE-2017-9769

Name of the Vulnerable Software and Affected Versions Razer Synapse version 2.20.15.1104

Description The issue is related to a specially crafted IOCTL that can be issued to the rzpnk.sys driver, allowing a handle to be opened to an arbitrary process through ZwOpenProcess. This is due to insufficient access control to the ZwOpenProcess procedure. Exploitation of this issue may allow a remote attacker to open a descriptor for any process.

Recommendations For Razer Synapse version 2.20.15.1104, consider restricting access to the rzpnk.sys driver as a temporary workaround until a patch is available. Additionally, avoid using the ZwOpenProcess procedure in the affected driver to minimize the risk of exploitation.