
             AUSCERT External Security Bulletin Redistribution

             Update to Improve Wireless Mouse Input Filtering
                               13 April 2016


        AusCERT Security Bulletin Summary

Product:           Microsoft wireless mouse devices
Publisher:         Microsoft
Operating System:  Windows 7
                   Windows 8.1
                   Windows 10
Impact/Access:     Reduced Security -- Console/Physical
Resolution:        Patch/Upgrade

Original Bulletin: 

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Advisory 3152550

Update to Improve Wireless Mouse Input Filtering

Published: April 12, 2016

Version: 1.0

Executive Summary

Microsoft is announcing the availability of an update to improve input 
filtering for certain Microsoft wireless mouse devices. The update enhances 
security by filtering out QWERTY key packets in keystroke communications 
issued from receiving USB wireless dongles to wireless mouse devices. This 
improvement is part of ongoing efforts to improve the effectiveness of 
security in Windows and Microsoft devices. For more information, see Microsoft
Knowledge Base Article 3152550.

A vulnerability has been discovered that allows keyboard HID packets to be 
injected into Microsoft wireless mouse devices through USB dongles. USB 
dongles will accept keyboard HID packets transmitted to the RF addresses of 
wireless mouse devices.


Microsoft recommends installing a filter driver available as an optional 
update for customers who use wireless mouse devices affected by this 
vulnerability. For the list of affected devices, see the Affected Devices 
section. For more information about affected operating systems, see the 
Affected Software section.

Microsoft recommends that customers test any new settings prior to 
implementation in their environments. Please see the Suggested Actions section
of this advisory for more information.
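
The input-filtering idea described above, as an added example: it is not part
of the Microsoft advisory and is not the code of Microsoft's filter driver,
whose internals the advisory does not describe. The struct layouts, the
pairing table and the RF addresses are hypothetical and constructed for
illustration; only the HID usage IDs are standard values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generic Desktop usage IDs from the USB HID Usage Tables. */
enum { HID_USAGE_MOUSE = 0x02, HID_USAGE_KEYBOARD = 0x06 };
/* Hypothetical: device class bound to an RF address, and a decoded frame. */
struct paired_dev { uint32_t rf_addr; uint8_t usage; };
struct hid_frame  { uint32_t rf_addr; uint8_t usage; };
enum verdict { PASS, DROP_UNPAIRED, DROP_CLASS_MISMATCH };

/* Constructed pairing table: one mouse, one keyboard. */
static const struct paired_dev PAIRED[] = {
    { 0xA1B2C3D4u, HID_USAGE_MOUSE },
    { 0x0F1E2D3Cu, HID_USAGE_KEYBOARD },
};
#define N_PAIRED (sizeof PAIRED / sizeof PAIRED[0])

/* Constructed traffic: frame 2 is a keyboard report sent to the mouse address. */
static const struct hid_frame RX[] = {
    { 0xA1B2C3D4u, HID_USAGE_MOUSE },
    { 0xA1B2C3D4u, HID_USAGE_KEYBOARD },
    { 0x0F1E2D3Cu, HID_USAGE_KEYBOARD },
    { 0x55555555u, HID_USAGE_MOUSE },
};
#define N_RX (sizeof RX / sizeof RX[0])

/* Forward a report only if its class matches the class paired at its address. */
enum verdict filter_frame(const struct hid_frame *f)
{
    for (size_t i = 0; i < N_PAIRED; i++)
        if (PAIRED[i].rf_addr == f->rf_addr)
            return PAIRED[i].usage == f->usage ? PASS : DROP_CLASS_MISMATCH;
    return DROP_UNPAIRED;
}

/* Apply the filter to a batch and return how many reports were dropped. */
size_t count_dropped(const struct hid_frame *frames, size_t n)
{
    size_t dropped = 0;
    for (size_t i = 0; i < n; i++)
        dropped += filter_frame(&frames[i]) != PASS;
    return dropped;
}

int main(void)
{
    printf("dropped %zu of %zu\n", count_dropped(RX, N_RX), N_RX);
    return 0;
}
```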

Affected Software

The update in this advisory applies to the following operating systems:

Windows 7

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows 10

Windows 10 for 32-bit Systems[1]

Windows 10 for x64-based Systems[1]

Windows 10 Version 1511 for 32-bit Systems[1]

Windows 10 Version 1511 for x64-based Systems[1]

[1] Windows 10 updates are cumulative. The monthly security release includes
all security fixes for vulnerabilities that affect Windows 10, in addition to
non-security updates. The updates are available via the Microsoft Update
Catalog.

Affected Devices

For this advisory, the following Microsoft wireless devices are affected:

Sculpt Ergonomic mouse

Sculpt Mobile Mouse

Wireless Mobile Mouse 3000 v2.0

Wireless Mobile Mouse 3500

Wireless Mobile Mouse 4000

Wireless Mouse 1000

Wireless Mouse 2000

Wireless Mouse 5000

Arc Touch Mouse

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.