Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches “Mousejack” Vulnerability

Microsoft released several security updates this month as part of its regular Patch Tuesday update, including the overhyped Badlock flaw.

Microsoft released several security updates this month as part of its regular Patch Tuesday update, including the overhyped Badlock flaw. One patch that went largely unnoticed, however, was an optional update meant to resolve Mousejack, a security bug that could allow an attacker to hijack the users’ wireless mice to execute malicious commands on the affected computer.

The issue was disclosed in February by researchers at IoT security company Bastille, who revealed that a $15 USB dongle can be used to run arbitrary commands into a victim’s computer from up to 100 meters (328 feet) away. Having the dongle connected to his/her laptop, an attacker can download malware, steal files, and perform other activities that require access to the computer’s keyboard.

At the time, researchers said that the vulnerability affects wireless mice and keyboards from Dell, Logitech, Microsoft, HP, Amazon, Gigabyte, and Lenovo, but that devices from other vendors could also be affected. The flaw affects USB dongles shipped with wireless keyboards and mice and can be exploited to attack any PC, Mac or Linux computer.

As part of its latest Tuesday patches, Microsoft released an optional update to improve input filtering for certain Microsoft wireless mouse devices. As the company explains in the update’s security advisory, the patch resolves a vulnerability where keyboard HID packets can be injected into Microsoft wireless mouse devices through USB dongles.

To block this type of attack, the company has released a filter driver as part of the optional update, so that input from affected Microsoft wireless mice is monitored, ensuring that no QWERTY key frames that normally indicate keyboard traffic go through.

According to Microsoft, affected devices include Sculpt Ergonomic mouse, Sculpt Mobile Mouse, Wireless Mobile Mouse 3000 v2.0, Wireless Mobile Mouse 3500, Wireless Mobile Mouse 4000, Wireless Mouse 1000, Wireless Mouse 2000, Wireless Mouse 5000, and Arc Touch Mouse. The update was released for Windows 7, Windows 8.1 and Windows 10 machines, the company also said.

The update was not released for Windows Server devices and does not resolve the issue in non-Microsoft wireless mice and keyboards, Marc Newlin, one of the researchers who discovered the flaw in the first place, says.  The Microsoft Sculpt Ergonomic Mouse is still vulnerable to the attack, Newlin said.

Owners of Microsoft wireless mice are advised to install the optional update, to minimize attack surface. The update can be applied either automatically, through Windows Update, or manually, by opening Windows Update from the Control Panel, checking for updates and finding and installing this specific patch from the list of optional updates.

Related: Microsoft, Samba Patch “Badlock” Vulnerability

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.