diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 15d695b8cf..43cedd86cd 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -38,6 +38,7 @@ * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. [discrete] [[release-notes-8.15.3]] diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index c0019219dc..6a56f0c52e 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc 
@@ -351,6 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is * Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default. * Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts. * Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. * Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]). * Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]). * Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]). \ No newline at end of file
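Review bot: In the 8.15.asciidoc hunk, the added bullet above `[[release-notes-8.15.3]]` describes a security-relevant fix (an attacker with administrative rights disabling {elastic-defend} on Windows) but sits in the same list as routine enrichment and Unicode-conversion fixes, with no advisory or issue reference, so a reader scanning the list cannot tell it needs different attention. If a security advisory or tracking reference exists, link it from this entry. The acknowledgement sentence would also read better as its own sentence on a separate line or in a dedicated credit, so the fix description and the credit can be edited independently.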
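Review bot: In the 8.16.asciidoc hunk, the added bullet is a verbatim copy of the one added to 8.15.asciidoc, including the acknowledgement and the `https://strafecybersecurity.com[strafecybersecurity.com]` link, so any later correction has to be made in two files. Consider a shared attribute or include for the repeated text. The hunk's context shows no version anchor, so please confirm the entry sits under the patch release that actually ships the fix. The file also still ends without a trailing newline (`\ No newline at end of file`); adding one while the file is being touched avoids noise in later diffs.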