USB mouse allows full PC access

A bug in mouse software, with assistance from Windows Update, makes it possible for somebody plugging a Razer brand mouse or USB dongle into a PC to get elevated system privileges.

When the Razer mouse/dongle is connected, Windows Update downloads the Razer installer and runs it with system-wide privileges. This means that anybody who plugs in the Razer mouse now has elevated access to that entire computer. So they can read, write, edit, copy, delete files...

Worse, a Razer device apparently doesn't need to be physically plugged into the system. It appears that someone spoofing the Razer vendor and Product IDs can trigger Windows Update to download/run the Razer installer opening up system-wide privileges. And this makes it a potential backdoor for hackers who don't have physical access to the system.

Razer is working on a patch but no ETA given...