Recently, a bug was discovered in the Razer Synapse software that granted unauthorized admin access. Now, a similar bug was found in SteelSeries software that gives anyone who plugs in a device complete control over a Windows 10 PC with admin rights.
Security researcher Lawrence Amer decided to investigate after the Razer vulnerability popped up. They found that there was a link in the License Agreement screen that is opened with SYSTEM privileges during the device setup process, thus granting full access to a Windows 10 machine as an admin.
Amer opened the link in Internet Explorer. Once there, it was as simple as saving a web page and launching an elevated Command Prompt from the right-click menu. From there, you can move around the PC with elevated privileges and do anything an admin can do.