A notable bug makes it possible to obtain the highest permissions on Windows 10: connecting a Razer mouse or keyboard is enough.
When you connect peripherals, Windows installs a driver almost automatically. With Razer, however, that process offers a few too many options. A security researcher who is active on Twitter as jonhat shows how he obtains system privileges from a regular account.
Connecting a Razer mouse or keyboard triggers the installation of the Razer Synapse software, and the installer lets you choose the destination folder. In that folder selection, Shift + right-click gives the option to open a PowerShell window, and that window has system privileges. From there, you have full control over the machine, even if you do this from a guest account or an account without admin rights.
The bug cannot be exploited remotely, which keeps the risk of attacks relatively limited. However, anyone who has physical access to a device can gain full control over it without much effort.
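For defenders, the behaviour described above leaves a recognisable trace: a command shell running as SYSTEM inside a user's desktop session rather than in session 0. The following is an added detection sketch, not code from the researcher or from Razer; it assumes process-creation events with Sysmon Event ID 1 field names, the sample events are constructed, and `ExampleInstaller.exe` is a placeholder rather than the real installer's file name.

```python
import ntpath

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM = "NT AUTHORITY\\SYSTEM"

# Constructed events; field names follow Sysmon Event ID 1 (process creation).
# ExampleInstaller.exe is a placeholder, not the vendor's real file name.
EVENTS = [
    {"ProcessId": 4120, "ParentProcessId": 900, "TerminalSessionId": 1,
     "User": SYSTEM, "Image": r"C:\Windows\Temp\ExampleInstaller.exe"},
    {"ProcessId": 5004, "ParentProcessId": 4120, "TerminalSessionId": 1,
     "User": SYSTEM,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 6100, "ParentProcessId": 3300, "TerminalSessionId": 1,
     "User": r"DESKTOP-LAB\guest",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ProcessId": 7200, "ParentProcessId": 700, "TerminalSessionId": 0,
     "User": SYSTEM, "Image": r"C:\Windows\System32\cmd.exe"},
]

def ancestry(event, by_pid):
    """Image names from the event up to the oldest ancestor present in the log."""
    chain, seen = [], set()
    while event and event["ProcessId"] not in seen:  # guard against PID loops
        seen.add(event["ProcessId"])
        chain.append(ntpath.basename(event["Image"]))
        event = by_pid.get(event["ParentProcessId"])
    return chain

def find_system_shells(events):
    """Flag shells running as SYSTEM in an interactive (non-zero) session."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        is_shell = ntpath.basename(e["Image"]).lower() in SHELLS
        # Session 0 hosts services; a SYSTEM shell on a user's desktop is the anomaly.
        if is_shell and e["User"].upper() == SYSTEM and e["TerminalSessionId"] != 0:
            hits.append({"pid": e["ProcessId"], "chain": ancestry(e, by_pid)})
    return hits

if __name__ == "__main__":
    for hit in find_system_shells(EVENTS):
        print(hit["pid"], " <- ".join(hit["chain"]))
```

The ancestry chain shows the analyst which installer the shell came from; the guest-owned PowerShell and the session 0 `cmd.exe` in the sample are deliberately not flagged.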
Jonhat tried to contact Razer about the flaw but got no response, so he demonstrated the vulnerability on Twitter. He has since announced that Razer will fix the bug soon and that he will be rewarded for his find.