From 58ffd6fa2d0ff3b264322ffaf4eefe145e2f9663 Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 15 Jan 2025 14:16:31 -0500 Subject: [PATCH 1/4] First draft --- docs/release-notes/8.15.asciidoc | 1 + docs/release-notes/8.16.asciidoc | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 15d695b8cf..341b268692 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -38,6 +38,7 @@ * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at strafecybersecurity.com for their assistance. [discrete] [[release-notes-8.15.3]] diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index c0019219dc..8f9ce047ec 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc 
@@ -351,6 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is * Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default. * Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts. * Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at strafecybersecurity.com for their assistance. * Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]). * Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]). * Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]). \ No newline at end of file From 68db772cffd9b74126877a275fe834a6d3d3fdcb Mon Sep 17 00:00:00 2001 From: "nastasha.solomon" Date: Wed, 15 Jan 2025 14:50:16 -0500 Subject: [PATCH 2/4] Fixes links --- docs/release-notes/8.15.asciidoc | 2 +- docs/release-notes/8.16.asciidoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index 341b268692..da5585cf00 100644 --- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc 
@@ -38,7 +38,7 @@ * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. -* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at strafecybersecurity.com for their assistance. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore https://github.com/Fr0g[(@Fr0g)] at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. [discrete] [[release-notes-8.15.3]] diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index 8f9ce047ec..26f93d453c 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc 
@@ -351,7 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is * Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default. * Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts. * Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy. -* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at strafecybersecurity.com for their assistance. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore https://github.com/Fr0g[(@Fr0g)] at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. * Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]). * Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]). * Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]). \ No newline at end of file From 97aa4345853b4f8904df2ad8b4439e34cae2c8a1 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 15 Jan 2025 15:33:44 -0500 Subject: [PATCH 3/4] Update docs/release-notes/8.15.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.15.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.15.asciidoc b/docs/release-notes/8.15.asciidoc index da5585cf00..43cedd86cd 100644 
--- a/docs/release-notes/8.15.asciidoc +++ b/docs/release-notes/8.15.asciidoc @@ -38,7 +38,7 @@ * Fixes a bug where {elastic-defend} could fail to properly enrich Windows API events for short-lived processes on older operating systems that didn't natively include this telemetry, such as Windows Server 2019. This could result in dropped or unattributed API events. * Ensures that {elastic-defend} does not emit an empty `memory_region` if it can't enrich a memory region in an API event. After this fix, {elastic-defend} removes these fields. * Fixes an {elastic-defend} bug where Windows API events could be dropped if they contained Unicode characters that couldn't be converted to ANSI. -* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore https://github.com/Fr0g[(@Fr0g)] at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. [discrete] [[release-notes-8.15.3]] From e5570c9500dab6f70c9b58f636f932e526f29e4d Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Wed, 15 Jan 2025 15:33:50 -0500 Subject: [PATCH 4/4] Update docs/release-notes/8.16.asciidoc Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- docs/release-notes/8.16.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release-notes/8.16.asciidoc b/docs/release-notes/8.16.asciidoc index 26f93d453c..6a56f0c52e 100644 --- a/docs/release-notes/8.16.asciidoc +++ b/docs/release-notes/8.16.asciidoc 
@@ -351,7 +351,7 @@ IMPORTANT: Even when the `excludedDataTiersForRuleExecution` advanced setting is * Fixes a bug that prevented host name uniformity with {beats} products. If you request {elastic-defend} to use the fully qualified domain name (FQDN) in the `host.name` field, {elastic-defend} now reports the FQDN exactly as the OS reports it, instead of lowercasing by default. * Fixes an {elastic-defend} bug in behavior protection alerts, where prevention alerts could mistakenly be labeled as detection alerts. * Fixes a bug that caused {elastic-defend} to crash if a Kafka connection is busy. -* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore https://github.com/Fr0g[(@Fr0g)] at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. +* Fixes a race condition that could allow an attacker with administrative rights to disable {elastic-defend} on Windows. We would like to acknowledge Sean Moore (@Fr0g) at https://strafecybersecurity.com[strafecybersecurity.com] for their assistance. * Fixes scenarios where Automatic Import could generate invalid processors containing array access ({kibana-pull}196207[#196207]). * Improves Timeline's table performance when row renderers are switched on ({kibana-pull}193316[#193316]). * Fixes misaligned filter control labels on the Alerts page ({kibana-pull}192094[#192094]). \ No newline at end of file
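Review bot: In the PATCH 1/4 hunk for `docs/release-notes/8.15.asciidoc` (`@@ -38,6 +38,7 @@`), the new bullet names the reporter's handle and company as bare text, while the other entries in these files use AsciiDoc link macros (for example `{kibana-pull}196207[#196207]`); either link them or keep the credit to the name alone. Because this entry describes a security fix (a race condition letting an administrator disable {elastic-defend}), it would also help readers triage if it pointed at the matching advisory or CVE identifier, if one has been issued; none is referenced here. Finally, the bullet is inserted immediately above `[[release-notes-8.15.3]]`, so it lands in the section that precedes 8.15.3; please confirm that is the release the fix actually shipped in.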
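Review bot: In the PATCH 1/4 hunk for `docs/release-notes/8.16.asciidoc` (`@@ -351,6 +351,7 @@`), the file still ends with `\ No newline at end of file`; since this series is already editing the file, adding the trailing newline would stop every later change to the last line from producing a noisy diff. The bullet text matches the 8.15 entry exactly, which is the right thing for a fix that ships in two release lines, but the hunk does not show which 8.16.x section it falls under, so please double-check the section heading above line 351.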
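Review bot: In the PATCH 2/4 hunk for `docs/release-notes/8.15.asciidoc`, the link macro `https://github.com/Fr0g[(@Fr0g)]` puts the parentheses inside the link text, so they render as part of the clickable link; `(https://github.com/Fr0g[@Fr0g])` keeps the parentheses as plain punctuation. The `https://strafecybersecurity.com[strafecybersecurity.com]` link is fine as written.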
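Review bot: In the PATCH 2/4 hunk for `docs/release-notes/8.16.asciidoc`, the same `[(@Fr0g)]` parenthesis-inside-link-text issue applies as in the 8.15 file; whichever form is chosen, keep the two files byte-identical for this bullet so they do not drift apart in later edits.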
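Review bot: In the PATCH 3/4 hunk for `docs/release-notes/8.15.asciidoc`, the GitHub profile link added in PATCH 2/4 is removed again and only the company link is kept, but the commit message ("Update docs/release-notes/8.15.asciidoc") does not say why. A one-line reason in the message (for example, that the reporter asked for the handle not to be linked, if that is the case) would save the next editor from re-adding it.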
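Review bot: In the PATCH 4/4 hunk for `docs/release-notes/8.16.asciidoc`, the same revert of the GitHub link as in PATCH 3/4 is applied, which leaves the 8.15 and 8.16 bullets identical again; as with PATCH 3/4, the commit message should state the reason for dropping the link. Consider squashing PATCH 2/4 through 4/4 before merge, since the net change to the credit line is just the company link.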