Post: Elastic rejects claims of a zero-day RCE flaw in Defend EDR - Against Invaders - CyberSecurity news for humans.


<div> <div>
<p>Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product.</p>
<p>The company&rsquo;s statement follows a blog post from a company called AshES Cybersecurity claiming to have discovered a remote code execution (RCE) flaw in Elastic Defend that would allow an attacker to bypass EDR protections.</p>
<p>Elastic&rsquo;s Security Engineering team &ldquo;conducted a thorough investigation&rdquo; but could not find &ldquo;evidence supporting the claims of a vulnerability that bypasses EDR monitoring and enables remote code execution.&rdquo;</p>
<h3>Zero-day claims</h3>
<p>According to AshES Cybersecurity&rsquo;s <a href="http://ashes-cybersecurity.com/0-day-research/" rel="nofollow noopener" target="_blank">write-up</a> from August 16, a NULL pointer dereference flaw in Elastic Defend&rsquo;s kernel driver, &lsquo;elastic-endpoint-driver.sys&rsquo;, could be weaponized to bypass EDR monitoring, enable remote code execution with reduced visibility, and establish persistence on the system.</p>
<p>&ldquo;For proof-of-concept demonstration, I used a custom driver to reliably trigger the flaw under controlled conditions,&rdquo; the AshES Cybersecurity researcher says.</p>
<p>To show the validity of the finding, the company published two videos, one showing Windows crashing because Elastic&rsquo;s driver failed, and another showing the alleged exploit starting calc.exe without Elastic&rsquo;s Defend EDR taking action.</p>
<p>&ldquo;The Elastic driver 0-day is not just a stability bug. It enables a full attack chain that adversaries can exploit inside real environments,&rdquo; the researcher claims.</p>
<h3>Elastic&rsquo;s rejection</h3>
<p>After evaluating AshES Cybersecurity&rsquo;s claims and reports, Elastic was not able to reproduce the vulnerability or its effects.</p>
<p>Furthermore, Elastic says that the multiple reports it received from AshES Cybersecurity for the alleged zero-day bug &ldquo;lacked evidence of reproducible exploits.&rdquo;</p>
<p>&ldquo;Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so. Researchers are required to share reproducible proof-of-concepts; however, they declined&rdquo; &ndash; <a href="https://www.elastic.co/blog/elastic-response-edr-0-day-vulnerability-blog" rel="nofollow noopener" target="_blank">Elastic</a></p>
<p>AshES Cybersecurity <a href="https://www.documentcloud.org/documents/26055314-ashes-cybersecurity-elastic-0-day-statement/" rel="nofollow noopener" target="_blank">confirmed</a> that they chose not to send the PoC to Elastic or the company&rsquo;s affiliates.</p>
<p>Elastic says that the researcher did not share the full details of the vulnerability and decided to make their claims public instead of following the principles of coordinated disclosure.</p>
<p>Elastic reaffirmed that it takes all security reports seriously and, since 2017, has paid more than $600,000 to researchers through the company&rsquo;s bug bounty program.</p>
</div></div>