Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft unleashes a MouseJack patch that may or may not actually work

Kevin Parrish
By

Microsoft Sculpt Ergonomic Keyboard USB receiver
Image used with permission by copyright holder
Microsoft has released an optional update that addresses a hacking technique called “MouseJack.” The update patches a number of Microsoft-based wireless mice including the Sculpt Ergonomic mouse, the Arc Touch mouse, the Wireless Mouse 1000/2000/5000, and several others. This update does not address other mice manufactured by third-party suppliers.

“A vulnerability has been discovered that allows keyboard HID packets to be injected into Microsoft wireless mouse devices through USB dongles,” the company reports. “USB dongles will accept keyboard HID packets transmitted to the RF addresses of wireless mouse devices.”

Recommended Videos

According to Microsoft, the provided update actually filters out QWERTY key packets in keystroke communications issued from the receiving USB dongle to the wireless mouse device. The security issue currently resides in both 32-bit and 64-bit versions of Windows 7 Service Pack 1, Windows 8.1, Windows 10, and Windows 10 Version 1511.

Ok, so what’s this MouseJack business all about? It’s a technique that focuses on non-Bluetooth wireless keyboards and mice. These peripherals are connected to a desktop or laptop thanks to a dongle inserted into the USB port, enabling wireless transmissions between the host computer and the peripheral. The problem is that because these signals are sent over the air, hackers can use a special device to send their own malicious signals to the host PC in the same manner.

Security firm Bastille Research actually has a website dedicated to MouseJack information, and reports that hackers can take over a PC from up to 328 feet away. They can perform “rapidly malicious activities” without being detected by the device owner simply by sending scripted commands. Hackers can even type in arbitrary text as if the victims actually entered the text themselves.

“The MouseJack exploit centers around injecting unencrypted keystrokes into a target computer,” the firm states. “Mouse movements are usually sent unencrypted, and keystrokes are often encrypted (to prevent eavesdropping what is being typed). However, the MouseJack vulnerability takes advantage of affected receiver dongles, and their associated software, allowing unencrypted keystrokes transmitted by an attacker to be passed on to the computer’s operating system as if the victim had legitimately typed them.”

There is a list of vulnerable devices located here, including products manufactured by AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft. Dell actually provided a statement on February 23, saying that it has been working with Bastille Research to address the problem related to the KM632 and the KM714 devices.

Although Microsoft has issued an update to fix the MouseJack problem with its mice, security researcher Marc Newlin says that Windows customers using Microsoft-based mice are still vulnerable to MouseJack despite the patch. Even more, he says that injection still works against the Sculpt Ergonomic mouse and all non-Microsoft mice. There’s also no Windows Server support in the patch.

For more information about the new patch and how to perform a manual install, check out the Microsoft Security Advisory 3152550 here. Otherwise, Microsoft customers using one of its listed wireless products might want to consider grabbing the update when it arrives via Windows Update.

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This Samsung 27-inch QHD gaming monitor is almost 50% off
Samsung's 2023 Odyssey Neo G7 sitting on a table.

Complete your PC gaming setup with the 27-inch Samsung Odyssey G6 curved gaming monitor, which is available from Walmart with a $333 discount that nearly halves its original price of $700 to only $367. This is one of the most attractive monitor deals that we've seen recently due to all of the features that you'll be getting for this affordable price. You're going to have to act fast though -- the offer may expire at any moment, so you're going to want to complete your purchase before that happens.

Why you should buy the 27-inch Samsung Odyssey G6 curved gaming monitor
The Samsung Odyssey G6 curved gaming monitor is an excellent display for the best PC games. The gaming monitor offers QHD resolution so that you'll enjoy sharp details and vivid colors while you're playing, while the 1000R curvature matches the curve of your eye and fills your peripheral vision for a more comfortable viewing experience. This is important when you have the habit of playing video games for several hours at a time. The Samsung Odyssey G6 curved gaming monitor also supports the Samsung Gaming Hub, which will let you access various cloud gaming services in one place.

Read more
Forget Apple’s 5K Studio Display: Dell’s UltraSharp 6K monitor is $150 off
The Dell 32-inch UltraSharp 6K monitor on a white background at a side angle.

Excited by the prospect of the world’s first 6K monitor? Be even more excited when you realise that Dell has discounted the Dell UltraSharp 32 6K Monitor at the moment so you can buy it for $150 off. One of the best high-end monitor deals out there today, it’s perfect for those who want the ultimate monitor right now. Usually priced at $2,480, it’s down to $2,330 for a limited time. Here’s what you need to know about it.

Why you should buy the Dell UltraSharp 32 6K Monitor
The best 4K monitors look great but they won’t compete with the wonders of the Dell UltraSharp 32 6K Monitor and its 6144 x 3456 resolution. That amount of pixels is spectacular in all the right ways with a color gamut of 99% DCI-P3 further aiding matters. It has an IPS Black panel which is a superior type of IPS panel. It offers 35% deeper blacks and greater gray colour level accuracy than conventional IPS for exceptional contrast and a sharper content viewing experience. It’s well-suited for content creation and video editing so it’s just what someone needs from a 6K screen. The 32-inch screen promises up to 156% more pixels compared to a 4K monitor with wide color coverage and exceptional 2000:1 contrast ratio.

Read more
This flash deal gets you 80% off a 2-year SurfShark VPN subscription
The Surfshark logo on a blue background.

It's highly recommended for everyone to have a VPN (virtual private network) in their devices, as you can never be too sure when it comes to your online privacy. The good ones don't come cheap though, which is why VPN deals always attract a lot of attention. Here's one for you to shop -- a two-year subscription to the SurfShark VPN Starter Plan for only $57, following an 80% discount from StackSocial on its original price of $290. You're going to have to hurry with your purchase if you're interested though, as we expect the offer and its savings of $233 to get sold out quickly.

Why you should buy the SurfShark VPN Starter Plan
First, you need to understand what is a VPN. Simply put, it's a necessity these days due to how much our daily lives rely on online activities. A VPN will protect your personal and financial information from cybercriminals, preventing headaches caused by identity theft and unauthorized charges on your credit cards. It will also allow you to bypass any geoblocking restrictions as you can have your device appear as if it's located in another place.

Read more