The risk of Microsoft wireless mouse hijacking has been addressed this week. The fix, KB3152550, was released as an optional Windows update for Windows 7, 8.1, and 10; Microsoft has not released a corresponding update for Windows Server.
Earlier this year, security researchers from Bastille Networks disclosed a class of vulnerabilities in wireless mice and keyboards that lets an attacker inject keystrokes into a victim's computer and, through those keystrokes, type and run arbitrary commands. Products from a number of wireless mouse and keyboard vendors were affected.
The flaws, collectively termed MouseJack, lie in the proprietary 2.4 GHz radio protocols the devices use to talk to their USB dongles. An attacker can spoof a mouse or keyboard, but must be within radio range of the dongle, which can be up to 100 m.
No network access is required: an attacker with a cheap 2.4 GHz radio transceiver, possibly parked outside the company premises, can transmit forged HID packets directly to the target's USB dongle. Bastille Networks researchers found that many wireless mouse dongles accept keyboard HID packets transmitted to the RF address of a paired mouse, even though a mouse never legitimately sends keystrokes. Because mouse traffic is typically unencrypted, the dongle has no way to tell the forged keystrokes from genuine input.
The Microsoft update addresses this on the Windows side rather than in dongle firmware: keystroke (QWERTY key) packets that arrive through a Microsoft wireless mouse USB dongle are filtered out instead of being delivered to the operating system as keyboard input.
The risk of Microsoft wireless mouse hijacking is relatively low, although it should not be ignored. All organizations that use Microsoft wireless mice should install the patch. Because the update is classed as optional, do not assume that automatic updating has already installed it; check each host rather than relying on the update settings.
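The following PowerShell script is an added example, not code from the article or from Microsoft, showing how an administrator could verify the two facts that matter here on a given host: whether KB3152550 is installed, and whether any Microsoft USB peripherals (which include the wireless receivers) are attached. It assumes an elevated PowerShell 5.1 session on Windows 8.1 or 10, that Get-HotFix reflects the update records on the machine, and that Microsoft's USB vendor ID is 045E; the product ID filter is left broad because the exact receiver models in a fleet are not known here.

```powershell
# Added example (not from the article or Microsoft): check KB3152550 and list
# attached Microsoft USB devices on this host. Assumes PowerShell 5.1 on
# Windows 8.1/10; Get-PnpDevice is not available on Windows 7, so the device
# inventory is skipped there.

$kbId = 'KB3152550'

# Get-HotFix reads the installed-update records; a miss returns nothing.
$hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

# 045E is Microsoft's USB vendor ID. Any present device whose instance ID
# starts with USB\VID_045E is a Microsoft USB peripheral, which includes the
# wireless receivers. Narrow this to specific product IDs if you know them.
$receivers = @()
if (Get-Command Get-PnpDevice -ErrorAction SilentlyContinue) {
    $receivers = @(Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -like 'USB\VID_045E*' })
} else {
    Write-Warning 'Get-PnpDevice not available; skipping device inventory'
}

$result = [PSCustomObject]@{
    ComputerName   = $env:COMPUTERNAME
    OSVersion      = [System.Environment]::OSVersion.Version.ToString()
    PatchInstalled = [bool]$hotfix
    InstalledOn    = if ($hotfix) { $hotfix.InstalledOn } else { $null }
    MsUsbDevices   = ($receivers | ForEach-Object { $_.FriendlyName }) -join '; '
}

$result | Format-List

# Exit non-zero only when Microsoft USB devices are present and the update is
# missing, so the script can serve as a compliance check from a scheduled task.
if ($receivers.Count -gt 0 -and -not $hotfix) {
    Write-Warning "$kbId is missing on $($env:COMPUTERNAME) with Microsoft USB devices attached"
    exit 1
}
exit 0
```

Run it per host, or wrap it in Invoke-Command to sweep a list of machines; a non-zero exit code flags hosts that have a Microsoft USB device attached but no record of the update. A host that shows no Microsoft USB devices may still have a receiver from another vendor, which this check does not cover.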
Unfortunately, the risk of Microsoft wireless mouse hijacking remains for users of the Sculpt Ergonomic Mouse, which this update does not cover. Non-Microsoft wireless mice may also still be at risk, since the Windows update only filters traffic from Microsoft dongles. Users of other wireless mice should consult their manufacturers' websites to determine whether firmware or driver patches have been released.