Skip to main content

Microsoft unleashes a MouseJack patch that may or may not actually work

Microsoft has released an optional update that addresses a hacking technique called “MouseJack.” The update patches a number of Microsoft-based wireless mice including the Sculpt Ergonomic mouse, the Arc Touch mouse, the Wireless Mouse 1000/2000/5000, and several others. This update does not address other mice manufactured by third-party suppliers.

“A vulnerability has been discovered that allows keyboard HID packets to be injected into Microsoft wireless mouse devices through USB dongles,” the company reports. “USB dongles will accept keyboard HID packets transmitted to the RF addresses of wireless mouse devices.”

Recommended Videos

According to Microsoft, the provided update actually filters out QWERTY key packets in keystroke communications issued from the receiving USB dongle to the wireless mouse device. The security issue currently resides in both 32-bit and 64-bit versions of Windows 7 Service Pack 1, Windows 8.1, Windows 10, and Windows 10 Version 1511.

Ok, so what’s this MouseJack business all about? It’s a technique that focuses on non-Bluetooth wireless keyboards and mice. These peripherals are connected to a desktop or laptop thanks to a dongle inserted into the USB port, enabling wireless transmissions between the host computer and the peripheral. The problem is that because these signals are sent over the air, hackers can use a special device to send their own malicious signals to the host PC in the same manner.

Security firm Bastille Research actually has a website dedicated to MouseJack information, and reports that hackers can take over a PC from up to 328 feet away. They can perform “rapidly malicious activities” without being detected by the device owner simply by sending scripted commands. Hackers can even type in arbitrary text as if the victims actually entered the text themselves.

“The MouseJack exploit centers around injecting unencrypted keystrokes into a target computer,” the firm states. “Mouse movements are usually sent unencrypted, and keystrokes are often encrypted (to prevent eavesdropping what is being typed). However, the MouseJack vulnerability takes advantage of affected receiver dongles, and their associated software, allowing unencrypted keystrokes transmitted by an attacker to be passed on to the computer’s operating system as if the victim had legitimately typed them.”

There is a list of vulnerable devices located here, including products manufactured by AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft. Dell actually provided a statement on February 23, saying that it has been working with Bastille Research to address the problem related to the KM632 and the KM714 devices.

Although Microsoft has issued an update to fix the MouseJack problem with its mice, security researcher Marc Newlin says that Windows customers using Microsoft-based mice are still vulnerable to MouseJack despite the patch. Even more, he says that injection still works against the Sculpt Ergonomic mouse and all non-Microsoft mice. There’s also no Windows Server support in the patch.

For more information about the new patch and how to perform a manual install, check out the Microsoft Security Advisory 3152550 here. Otherwise, Microsoft customers using one of its listed wireless products might want to consider grabbing the update when it arrives via Windows Update.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The Dell XPS 13 and XPS 14 are both on sale at $300 off — hurry!
Angled front view of the Dell XPS 13 with Snapdragon X Elite processor inside.

Are you in the market for a new laptop? You simply can't go wrong with any of the Dell XPS deals that are available, and we've identified two of the best ones you can shop right now. The Dell XPS 13 9350, originally sold for $1,400, is down to $1,100 for savings of $300, while the Dell XPS 14 9440, which has a sticker price of $1,560, is on sale for $1,260, also following a $300 discount.

Following the Dell XPS reset early last year, the Dell XPS 13 and the Dell XPS 14 have further blossomed in popularity. That means you'll have to act fast if you're interested in either of these laptop deals though, as the stocks up for sale may run out at any moment.

Read more
Meta made insane offers in bid to nab OpenAI talent, Altman claims
OpenAI CEO Sam Altman during the Uncapped podcast in June 2025.

OpenAI chief Sam Altman has said that Meta tried to tempt his top AI researchers to switch sides by offering hiring bonuses of $100 million. Yes, you read that right -- $100 million. Altman said that up to now, none of his top team have left for Mark Zuckerberg's Meta.

Altman made the claim on Tuesday in the Uncapped podcast, hosted by his brother, Jack.

Read more
I hated the Macbook notch, but this app has made me love it
FocusNotch on a MacBook Air.

When Apple put a notch on the MacBook, I was immensely excited about the functional possibilities, the same kind you see built around the Dynamic Island on iPhones. Expanding live updates, current activities, and navigation guidance are just a few of the examples. 

Unfortunately, that is yet to happen on the MacBook. With the massive redesign across macOS Tahoe, I was again hopeful that the notch would finally find a purpose. Again, I was disappointed. Thankfully, the developer and open-source community have built some fantastic utilities that extract the best out of the boat-shaped notch. 

Read more