Elastic Defend EDR remote code execution claims rejected by vendor
Summary
Elastic has rejected claims of a zero-day remote code execution (RCE) flaw in its Defend endpoint detection and response (EDR) product. AshES Cybersecurity alleged a NULL pointer dereference flaw in the Defend kernel driver could bypass EDR protections, enable RCE, and establish persistence. Elastic's investigation found no evidence supporting these claims. The researcher did not share full details or proof-of-concept with Elastic, instead publishing videos and a blog post.
Timeline
- 19.08.2025 19:41 (1 article)
Elastic rejects zero-day RCE claims in Defend EDR
Elastic has rejected claims of a zero-day remote code execution (RCE) flaw in its Defend EDR product. AshES Cybersecurity alleged a NULL pointer dereference flaw in the Defend kernel driver could bypass EDR protections, enable RCE, and establish persistence. Elastic's investigation found no evidence supporting these claims. The researcher did not share full details or proof-of-concept with Elastic, instead publishing videos and a blog post.
- Source: Elastic rejects claims of a zero-day RCE flaw in Defend EDR, www.bleepingcomputer.com, 19.08.2025 19:41
Information Snippets
- AshES Cybersecurity published a blog post on August 16, 2025, claiming a zero-day RCE flaw in Elastic Defend.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
- The alleged flaw involves a NULL pointer dereference in the 'elastic-endpoint-driver.sys' kernel driver.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
- Elastic's Security Engineering team conducted a thorough investigation and found no evidence supporting the claims.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
- AshES Cybersecurity did not share the full details or proof-of-concept with Elastic, instead opting for public disclosure.
  First reported: 19.08.2025 19:41 (1 source, 1 article)
- Elastic has a bug bounty program that has paid over $600,000 since 2017.
  First reported: 19.08.2025 19:41 (1 source, 1 article)