PT-2022-12023 · Razer · Razer Synapse

Dr. Oliver Schwarz +1 · Published 2022-03-23 · Updated 2023-09-18 · CVE-2021-44226

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Razer Synapse versions prior to 3.7.0228.022817

Description

The issue allows privilege escalation because Razer Synapse relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. An unprivileged user may have placed Trojan horse DLLs there.

Recommendations

For versions prior to 3.7.0228.022817, update to version 3.7.0228.022817 or later to resolve the issue. As a temporary workaround, consider restricting access to the %PROGRAMDATA%\Razer\Synapse3\Service\bin directory to prevent potential exploitation.
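
One way to check a host for the condition the description names (a Razer directory tree under %PROGRAMDATA% that is owned or writable by an unprivileged account) before or after applying the workaround. This is an added example, not code from the advisory or from Razer; the trusted-SID list, the rights mask and the function name Test-DirectoryTrust are assumptions.

```powershell
# Added audit example, not vendor code. Paths come from the advisory; the
# trusted-SID list and the rights mask are assumptions to adapt to local policy.
$root = Join-Path $env:ProgramData 'Razer'
$bin  = Join-Path $root 'Synapse3\Service\bin'
$sidType = [System.Security.Principal.SecurityIdentifier]

# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that allow planting or replacing a file, plus GENERIC_ALL / GENERIC_WRITE.
$rights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

function Test-DirectoryTrust {
    param([Parameter(Mandatory)][string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        [pscustomobject]@{ Path = $Path; Finding = 'UntrustedOwner'; Sid = $owner; Rights = $null }
    }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        # Inherit-only ACEs do not apply to this directory itself, so skip them.
        $applies  = ([int]$ace.PropagationFlags -band [int][System.Security.AccessControl.PropagationFlags]::InheritOnly) -eq 0
        $writable = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $applies -and $writable -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{ Path = $Path; Finding = 'UntrustedWriteAce'; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

if (Test-Path -LiteralPath $root) {
    # Check every directory from %PROGRAMDATA%\Razer down to Service\bin.
    $dirs = @($root) + @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object FullName)
    $dirs | ForEach-Object { Test-DirectoryTrust -Path $_ } | Format-Table -AutoSize | Out-Host

    # List DLLs in the service directory with their signature status for manual review.
    if (Test-Path -LiteralPath $bin) {
        Get-ChildItem -LiteralPath $bin -Filter *.dll -File |
            Get-AuthenticodeSignature | Select-Object Path, Status | Out-Host
    }
}
```

Run it from an elevated prompt so every ACL is readable. Any row in the first table means the directory tree should be inspected before the DLLs in it are trusted.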

Exploit

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2021-44226

Affected Products

Razer Synapse