The patch filters wireless mouse input to make sure no rogue keystrokes are passed to computers Alongside its batch of mandatory security patches released Tuesday, Microsoft also issued an optional update aimed at protecting Windows computers against an attack that could hijack wireless mice to execute malicious commands.The attack, dubbed MouseJack, affects wireless mice and keyboards from many manufacturers, including Microsoft. It was discovered and presented earlier this year by security researchers from IoT security firm Bastille Networks.MouseJack exploits several vulnerabilities in the communications protocols between the USB dongles plugged into computers and the wireless mice and keyboards that are paired with them. These flaws allow attackers to spoof a wireless mouse from up to 100 meters away and send rogue keystrokes instead of clicks to a computer.The new KB3152550 update blocks this type of attack through a driver that filters input from affected Microsoft wireless mice to make sure that there are no QWERTY key frames that normally indicate keyboard traffic. The update is available for Windows 7, 8.1 and 10, but not Windows Server. It only protects standalone wireless mice and not those that are bundled together with a keyboard as part of Microsoft’s desktop set products.According to a Microsoft security advisory, the devices affected by this attack are: Sculpt Ergonomic mouse, Sculpt Mobile Mouse, Wireless Mobile Mouse 3000 v2.0, Wireless Mobile Mouse 3500, Wireless Mobile Mouse 4000, Wireless Mouse 1000, Wireless Mouse 2000, Wireless Mouse 5000 and Arc Touch Mouse. Marc Newlin, one of the Bastille security researchers who developed the MouseJack attack, criticized the limits of Microsoft’s patch on Twitter.“Windows users are still vulnerable to #MouseJack attacks via @microsoft mice after the 3152550 patch,” he said. “Injection still works against MS Sculpt Ergonomic Mouse and non-MS mice.”Either way, Microsoft mouse owners are better off installing the update. If Windows automatic updates are enabled, the patch will be downloaded and installed automatically. Users who have their OS configured for manual updates can install the fix by following instructions provided by Microsoft in a knowledge base article. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe