From 471a633b38ea56ce5b03e197a96a2822549c1b67 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Thu, 16 Jan 2025 13:08:35 -0500 Subject: [PATCH] [Request][8.15.4 & 8.16.0] Add RN summary about Defend bug fix (#6429) * First draft * Fixes links * Update docs/release-notes/8.15.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> * Update docs/release-notes/8.16.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --------- Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 1 + docs/release-notes/8.16.asciidoc | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 15d695b8cf..43cedd86cd 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -38,6 +38,7 @@ * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. [discrete] [[release-notes-8.15.3]] diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index c0019219dc..6a56f0c52e 100644 
--- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc @@ -351,6 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is * Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default. * Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts. * Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. * Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]). * Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]). * Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]). \ No newline at end of file
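Review bot: the bullet added in the 8.15 hunk carries no identifier for the fix, so a reader cannot trace this security fix to an advisory, CVE, issue, or affected Defend build range, whereas the surrounding entries describe a concrete behaviour and the Kibana entries in the sibling file link a pull request. If a published advisory exists, append a link in the same style as the other entries, e.g. `({security-advisory-link}[ADVISORY-ID])` with the real identifier substituted for that placeholder; otherwise state the affected {elastic-defend} versions so readers can tell whether they need to upgrade. The acknowledgement sentence also reads as a second thought inside a list of fixes; trimming it to something like `Credit: Sean Moore (@Fr0g), https://strafecybersecurity.com[strafecybersecurity.com].` keeps the bullet parallel with its neighbours.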
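Review bot: in the 8.16 hunk the trailing context ends with `\ No newline at end of file`, so `8.16.asciidoc` still lacks a final newline; since this change already touches the file, add the newline so the next entry appended to this list does not produce a merged-line diff. Separately, the added bullet's impact statement is thin: it says an attacker with administrative rights could disable {elastic-defend}, but not which protection the race condition bypassed or whether the fix requires any configuration to take effect; one clause on what an administrator is normally prevented from doing would let readers judge severity, and the same wording should then be mirrored into the 8.15 entry so the two release notes stay identical.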