Comment Re:Here's a useful summary (Score 1) 85
Yes, that is the part of the issue.
A lot of windows drivers have configuration tools to be installed with the driver. Windows update is downloading and installing a driver automatically from Microsoft Update Catalogue. Windows Update runs these as SYSTEM (to specifically ignore UAC prompts).
In this specific case, it is launching an interactive installer with a file location picker for install location. Saide file location picker is standard Windows API provided picker of explorer.exe instance, all Razer code is doing at that point is ask windows API to get location from user. However windows API is likely to have other issues like this, usually it isn't a problem as such installs would be after an affirmative UAC by an administrator user (you can go and run the same installer.exe from Razer's website and find the first thing it does is ask for UAC elevation), in the name of ease of use, Windows Update is bypassing that by running the installers as SYSTEM, if installer is then interactive it is likely there is control somewhere that can be subverted.