PT-2025-10007 · Microsoft · Hololens

António Pinto +3 · Published 2025-03-06 · Updated 2025-03-07

CVE-2024-57972

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft HoloLens 1 (Windows Holographic) versions 10.0.17763.3046 and earlier

Microsoft HoloLens 2 (Windows Holographic) versions 10.0.22621.1244 and earlier

Description

The pairing API request handler in Microsoft HoloLens allows remote attackers to cause a Denial of Service by sending many requests through the Device Portal framework, resulting in resource consumption and device unusability.

Recommendations

For Microsoft HoloLens 1 (Windows Holographic) versions 10.0.17763.3046 and earlier, update to a version later than 10.0.17763.3046 to resolve the issue.

For Microsoft HoloLens 2 (Windows Holographic) versions 10.0.22621.1244 and earlier, update to a version later than 10.0.22621.1244 to resolve the issue.

As a temporary workaround, consider restricting access to the Device Portal framework to minimize the risk of exploitation.

Exploit

Fix

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2024-57972

Affected Products

Hololens