Windows 10: Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection)

Discus and support Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection) in Windows 10 Drivers and Hardware to solve the problem; I just started work for a community Credit Union and we have many Microsoft wireless keyboards, mice, and keyboard/mouse combos in use. From my... Discussion in 'Windows 10 Drivers and Hardware' started by Ryan_Maps, Sep 27, 2019.

  1. Ryan_Maps Win User

    Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection)


    I just started work for a community Credit Union and we have many Microsoft wireless keyboards, mice, and keyboard/mouse combos in use. From my investigation many of them are in the list of devices affected by the MouseJack HID Packet Injection vulnerability from 2016 (https://www.bastille.net/research/vulnerabilities/mousejack/affected-devices):
    * Microsoft 2.4GHz Transceiver (USB ID 045E:0745)
    * Microsoft USB Dongle Model 1461 (USB ID 045E:07A5)
    * Microsoft USB Dongle Model 1496 (USB ID 045E:07B2)

    In 2016 a Windows update was supplied that fixes the issue for mouse only devices (https://technet.microsoft.com/library/security/3152550). It does this by filtering out QWERTY key packets in keystroke communications issued from wireless mouse devices to receiving USB wireless dongles. This update does not correct the vulnerability for keyboards.

    I have spent approximately 5 hours (13 calls) on the phone with Microsoft getting bounced from one department to another trying to find out if there is a firmware update for these three USB transceivers, and if so what version remediates this vulnerability. Not one Microsoft Support Rep could answer any of my questions and just shuffled me off to other departments. The last Microsoft Support Rep I spoke with suggested I post here on the Community forums. I do not know how the Community would have details that I could not get directly from Microsoft but I will give it a try.

    The three posts I found on the Community forum about MouseJack are unresolved. They suggest that the vulnerability is minor and should be ignored, or just replace the keyboards/mice. As a Credit Union we cannot ignore this vulnerability and as a non-profit, wasting our Member's money when there is a fix is not acceptable.

    So, my questions are:
    1) Is there a firmware update to these devices that remediates the MouseJack vulnerability?
    2) If YES: What firmware version does this?
    3) If NO: Then we must replace these devices. What Microsoft keyboards / mice should I avoid as they are, or could be, vulnerable?

    Thank you very much for your time.
    Ryan

    PS: Sorry if this is in the wrong category. There are no options for hardware or security / vulnerabilities so I selected Windows / Windows 10 / Devices and Drivers.

    :)
     
    Ryan_Maps, Sep 27, 2019
    #1
  2. Brad2714 Win User

    MS Windows HID Functionality(Over USB) Code Execution Vulnerability - Any Resolution?

    On my vulnerability scans I keep getting this vulnerability showing up:
    MS Windows HID Functionality(Over USB) Code Execution Vulnerability
    . I have found a few workarounds related to disabling USB, but I was wondering if there was a fix for this vulnerability so it would not appear in vulnerability scans
     
    Brad2714, Sep 27, 2019
    #2
  3. Microsoft Sculpt Ergonomic Keyboard and Mouse USB transceivers

    I have a set of those keyboard and mouse. My mouse got broken so i bought a new one. I have 2 USB transceivers now. Is there anyway to program new or old usb transceiver through windows to connect either new mouse to old usb transceiver or old keyboard
    to new usb transceiver so as a result i will use only one usb transceiver for 2 devices as i used to before the old mouse got broken? Thanks in advance.
     
    Arthur Skulyar, Sep 27, 2019
    #3
  4. Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection)

    Lost of usb transceiver for wireless Microsoft Arc Keyboard.

    I've lost my usb transceiver dongle for my wireless Microsoft Arc Keyboard. Can I get a replacement for it without having to get a whole new keyboard just for that one transceiver.
     
    RainbowRain2, Sep 27, 2019
    #4
Thema:

Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection)

Loading...
  1. Microsoft USB Transceivers Vulnerable to MouseJack (HID Packet Injection) - Similar Threads - Microsoft USB Transceivers

  2. Microsoft Wireless Desktop 3050 with AES (PP3-00001) - USB Transceiver

    in Windows 10 Drivers and Hardware
    Microsoft Wireless Desktop 3050 with AES (PP3-00001) - USB Transceiver: I purchased the Microsoft Wireless Desktop 3050 in February 2019. The USB transceiver physically broke and is not longer usable. How to I purchase a replacement transceiver?...
  3. HID MOUSE USB behaviour on WIN10

    in Windows 10 Drivers and Hardware
    HID MOUSE USB behaviour on WIN10: I am trying to build my own mouse using old parts just for fun. I am more of a hardware guy. Where can I get more in-depth information about how the USB protocol works for HIDs on WIN10? More specifically, does the Mouse/Keyboard should always go to 'Suspend Mode' after a...
  4. Microsoft Wireless Keyboard usb transceiver

    in Windows 10 Drivers and Hardware
    Microsoft Wireless Keyboard usb transceiver: Hi there My usb dongle for my keyboard and mouse is broken. Do you provide a replacement? Thanks https://answers.microsoft.com/en-us/windows/forum/all/microsoft-wireless-keyboard-usb-transceiver/9362f2cb-a33b-4adf-b1da-99390ce0f149
  5. keyboard usb microsoft 2.4 ghz transceiver v7.0

    in Microsoft Windows 10 Store
    keyboard usb microsoft 2.4 ghz transceiver v7.0: Hello I want to know if the usb socket can be changed on the keyboard because mine does not work anymore https://answers.microsoft.com/en-us/windows/forum/all/keyboard-usb-microsoft-24-ghz-transceiver-v70/18213245-f9c8-440d-8bc4-1c7e7ff7d110"
  6. Microsoft Wireless Comfort Keyboard 5000 defective USB Wireless Transceiver (Not from Earth...

    in Windows 10 Drivers and Hardware
    Microsoft Wireless Comfort Keyboard 5000 defective USB Wireless Transceiver (Not from Earth...: As noted by others Keyboard stops working or you get weird stuff on the screen writing or like me Left Shift Key and Microsoft Groove activates. It's the USB Transceiver. Three PCs all the same. Second 5000 set up works fine on all three PCs. You'll find in the control...
  7. I can't inject my USB (HDD)

    in Windows 10 Customization
    I can't inject my USB (HDD): "进程 ID 为 4424 的应用程序 \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe 已停止删除或弹出设备 USB\VID_0480&PID_A202\20160729000231C。" While I was trying to inject it safely, this appears. I've restart the explorer a few times but...
  8. Replacement of USB Transceiver for Keyboard and Mouse (Microsoft Wireless Keyboard 2000)

    in Windows 10 Drivers and Hardware
    Replacement of USB Transceiver for Keyboard and Mouse (Microsoft Wireless Keyboard 2000): Hi, My USB Transceiver is not working anymore, I have the Microsoft Wireless Keyboard 2000, how can I get a replacement? Thanks in advance, regards, Rob...
  9. Protecting Microsoft Edge against binary injection

    in Windows 10 News
    Protecting Microsoft Edge against binary injection: In May, we announced that Microsoft Edge was saying goodbye to binary extensibility models such as ActiveX and Browser Helper Objects. This change made browsing in Windows faster, more secure, and more stable than ever, while paving the way for better interoperability with...
  10. [DLL] Injection Method used returned NULL (Injection failed).

    in Windows 10 Support
    [DLL] Injection Method used returned NULL (Injection failed).: Hi guys, I'm new to this forum; But I recently encountered a problem while injecting a .dll into a program. The error message is what the title says and I tried a lot of injectors and it returned the same error. Here's what I tried: Upgraded windows 8.1 to 10 Unblocked...