[Request][8.15.4 & 8.16.0] Add RN summary about Defend bug fix (#6429)
* First draft

* Fixes links

* Update docs/release-notes/8.15.asciidoc

Co-authored-by: Gabriel Landau <[email protected]>

* Update docs/release-notes/8.16.asciidoc

Co-authored-by: Gabriel Landau <[email protected]>

---------

Co-authored-by: Gabriel Landau <[email protected]>
nastasha-solomon and gabriellandau authored Jan 16, 2025
1 parent 2504389 commit 471a633
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions docs/release-notes/8.15.asciidoc
Expand Up @@ -38,6 +38,7 @@
* Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events.
* Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields.
* Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI.
* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance.

[discrete]
[[release-notes-8.15.3]]
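
Review bot: The new last bullet of this list describes a security-relevant fix (an attacker with administrative rights disabling {elastic-defend} on Windows) but gives readers nothing to follow up on: there is no advisory, issue or pull reference, and no indication of which earlier releases are affected. If a public advisory or tracking issue exists, link it in this bullet; otherwise consider adding a short clause telling users of earlier releases to upgrade. Please also confirm that the section this bullet closes, the one immediately before `[[release-notes-8.15.3]]`, is the 8.15.4 section named in the commit title.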
1 change: 1 addition & 0 deletions docs/release-notes/8.16.asciidoc
Expand Up @@ -351,6 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is
* Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default.
* Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts.
* Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy.
* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance.
* Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]).
* Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]).
* Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]).
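
Review bot: The added race-condition bullet is a verbatim copy of the one added to docs/release-notes/8.15.asciidoc, so any later correction to the wording or to the acknowledgement has to be made in both files; consider whether a shared attribute or include would keep the two in sync. The bullet is placed sensibly with the other {elastic-defend} entries, but unlike the entries that follow it, which end with a `{kibana-pull}` reference, it cites nothing. If a tracking issue or advisory can be cited, add it in the same trailing-parenthesis style.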
