Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patches “Mousejack” Vulnerability

Microsoft released several security updates this month as part of its regular Patch Tuesday update, including the overhyped Badlock flaw.

Microsoft released several security updates this month as part of its regular Patch Tuesday update, including the overhyped Badlock flaw. One patch that went largely unnoticed, however, was an optional update meant to resolve Mousejack, a security bug that could allow an attacker to hijack the users’ wireless mice to execute malicious commands on the affected computer.

The issue was disclosed in February by researchers at IoT security company Bastille, who revealed that a $15 USB dongle can be used to run arbitrary commands into a victim’s computer from up to 100 meters (328 feet) away. Having the dongle connected to his/her laptop, an attacker can download malware, steal files, and perform other activities that require access to the computer’s keyboard.

At the time, researchers said that the vulnerability affects wireless mice and keyboards from Dell, Logitech, Microsoft, HP, Amazon, Gigabyte, and Lenovo, but that devices from other vendors could also be affected. The flaw affects USB dongles shipped with wireless keyboards and mice and can be exploited to attack any PC, Mac or Linux computer.

As part of its latest Tuesday patches, Microsoft released an optional update to improve input filtering for certain Microsoft wireless mouse devices. As the company explains in the update’s security advisory, the patch resolves a vulnerability where keyboard HID packets can be injected into Microsoft wireless mouse devices through USB dongles.

To block this type of attack, the company has released a filter driver as part of the optional update, so that input from affected Microsoft wireless mice is monitored, ensuring that no QWERTY key frames that normally indicate keyboard traffic go through.

According to Microsoft, affected devices include Sculpt Ergonomic mouse, Sculpt Mobile Mouse, Wireless Mobile Mouse 3000 v2.0, Wireless Mobile Mouse 3500, Wireless Mobile Mouse 4000, Wireless Mouse 1000, Wireless Mouse 2000, Wireless Mouse 5000, and Arc Touch Mouse. The update was released for Windows 7, Windows 8.1 and Windows 10 machines, the company also said.

Advertisement. Scroll to continue reading.

The update was not released for Windows Server devices and does not resolve the issue in non-Microsoft wireless mice and keyboards, Marc Newlin, one of the researchers who discovered the flaw in the first place, says.  The Microsoft Sculpt Ergonomic Mouse is still vulnerable to the attack, Newlin said.

Owners of Microsoft wireless mice are advised to install the optional update, to minimize attack surface. The update can be applied either automatically, through Windows Update, or manually, by opening Windows Update from the Control Panel, checking for updates and finding and installing this specific patch from the list of optional updates.

Related: Microsoft, Samba Patch “Badlock” Vulnerability

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.