Hack a PC? Plug in a Razer Mouse with Automatic Synapse Installation | TechPowerUp
 
Over the past few generations, Razer has automated the download and installation of the Razer Synapse software by having it start the first time to plug in a Razer peripheral on your computer (mouse, keyboard, USB headset, etc.). This may be well-intentioned, but comes with a glaring security flaw, according to a LifeHacker report citing a security discovery by @j0nh4t on Twitter. Apparently, plugging in a Razer peripheral causes the Razer Synapse installer to prompt download and installation using a privileged Windows process (using Windows Update).

Once you download and run the installer, you can choose a custom installation folder for the application. This spawns a Windows Explorer dialog that is privileged and can access folders regular users probably don't have access to, as per an organization's group policy. Once in this dialog, you can simply shift+right-click on a folder, and click on "open PowerShell window here," to spawn a privileged PowerShell at that location, and knock yourself out with whatever it is you want to do to the machine. Visit the source link below for a video demo on how this hack works.
 
This is a really bad security flaw that needs to be fixed ASAP in my opinion. 
 

The automatic installation and download of the utility when you plug in the mouse and allowing access is Razer's fault.  An install utility for a mouse should never have that level of privilege.  An individual has to physically open Power Shell after the install on the target computer, which for the home user is not a big problem.  For corporate systems it is possibly a really big problem.
 
I do not like automatic downloads or updates as I want the choice.  I understand Razer is working on a patch.
 
In the meantime when you go into work, you will be searched to see if you have a Razer mouse in your pocket.
 
 

Here is some further information and based on it, I would say Razer’s installer is to blame.
 
“A security researcher named Jon Hat recently revealed that you could gain SYSTEM access on a PC by plugging in a Razer gaming mouse or dongle (via Neowin). If you have local access to a machine, plugging in a Razer device installs RazerInstaller.exe, which runs with SYSTEM privileges. It also allows someone to open Windows PowerShell and the File Explorer with elevated privileges. With this exploit, someone could install harmful software onto a computer.
 
Because of the nature of the vulnerability, a person requires physical access to a PC to exploit it. This makes it less dangerous than a vulnerability that can be exploited remotely, but it still leaves a security risk.
 
While separate, this Razer-related vulnerability has some characteristics in common with the PrintNightmare vulnerabilities on Windows 10. Both types of vulnerabilities rely on someone installing an item on a local account and gaining SYSTEM privileges despite not being an admin on a computer.
 
Hat explains that he reported the vulnerability to Razer but did not initially hear back from the company. Following this, Hat shared the vulnerability publicly. Since, Razer has responded to Hat, explaining that it is working on a fix.”
 
Source:  Windows Central

Not really a vulnerability. 1 - Requires preinstalled software; 2 - requires physical access to a PC.