CVE-2024-57972
📋 TL;DR
This vulnerability allows remote attackers to cause Denial of Service on Microsoft HoloLens devices by sending excessive requests to the pairing API through the Device Portal framework. Attackers can consume device resources and render the device unusable. All HoloLens 1 and HoloLens 2 devices running vulnerable Windows Holographic versions are affected.
💻 Affected Systems
- Microsoft HoloLens 1
- Microsoft HoloLens 2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device unavailability requiring physical reset or reimaging, potentially disrupting critical mixed reality operations in enterprise or medical environments.
Likely Case
Temporary device unresponsiveness requiring reboot, disrupting user workflows and causing productivity loss.
If Mitigated
Minimal impact with proper network segmentation and Device Portal disabled or restricted.
🎯 Exploit Status
Simple HTTP flood attack against Device Portal endpoint. References show proof-of-concept code available on GitHub.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to versions beyond 10.0.17763.3046 for HoloLens 1 and beyond 10.0.22621.1244 for HoloLens 2
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-57972
Restart Required: Yes
Instructions:
1. Connect HoloLens to internet. 2. Go to Settings > Update & Security > Windows Update. 3. Check for updates. 4. Install available updates. 5. Restart device when prompted.
🔧 Temporary Workarounds
Disable Device Portal
windowsTurn off the Device Portal feature to prevent remote API access
Settings > Update & Security > For developers > Enable Device Portal (toggle OFF)
Restrict Device Portal Access
windowsConfigure Device Portal to require authentication and restrict to specific IPs
Settings > Update & Security > For developers > Device Portal > Configure connection types and authentication
🧯 If You Can't Patch
- Disable Device Portal completely in production environments
- Implement network segmentation to isolate HoloLens devices from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check Windows Holographic version: Settings > System > About > OS Build. If HoloLens 1 version is ≤ 10.0.17763.3046 or HoloLens 2 version is ≤ 10.0.22621.1244, device is vulnerable.Check Version:
Settings > System > About > OS BuildVerify Fix Applied:
Verify OS Build number exceeds vulnerable versions after update. Confirm Device Portal is disabled or properly secured.📡 Detection & Monitoring
Log Indicators:
- High volume of HTTP requests to Device Portal endpoints
- Device Portal service crashes or high resource usage
Network Indicators:
- Unusual HTTP traffic patterns to HoloLens Device Portal port (typically 10080)
- Multiple rapid requests to /api/pairing endpoint
SIEM Query:
source_ip:* destination_port:10080 AND (uri_path:"/api/pairing" OR user_agent:"DevicePortal") AND request_count > threshold