Sara Paiva

**Name of the Vulnerable Software and Affected Versions** Microsoft HoloLens 1 (Windows Holographic) versions 10.0.17763.3046 and earlier Microsoft HoloLens 2 (Windows Holographic) versions 10.0.22621.1244 and earlier **Description** The pairing API request handler in Microsoft HoloLens allows remote attackers to cause a Denial of Service by sending many requests through the Device Portal framework, resulting in resource consumption and device unusability. **Recommendations** For Microsoft HoloLens 1 (Windows Holographic) versions 10.0.17763.3046 and earlier, update to a version later than 10.0.17763.3046 to resolve the issue. For Microsoft HoloLens 2 (Windows Holographic) versions 10.0.22621.1244 and earlier, update to a version later than 10.0.22621.1244 to resolve the issue. As a temporary workaround, consider restricting access to the Device Portal framework to minimize the risk of exploitation.