Elastic, the company known for its enterprise search and security products, has pushed back against recent claims of a serious vulnerability in its Defend endpoint detection and response (EDR) tool.
The controversy began after a small cybersecurity group, AshES Cybersecurity, published a blog post on August 16. In their write-up, they said they had discovered a “zero-day” bug, a term used to describe flaws that are unknown to the software maker and therefore left unpatched. According to AshES, the issue was a remote code execution (RCE) vulnerability in Elastic Defend’s kernel driver called elastic-endpoint-driver.sys. They suggested that an attacker could exploit this flaw to avoid being monitored by the EDR system, run malicious code, and even maintain long-term access to a computer.
To support their claims, the researcher from AshES described using a custom-built driver in a controlled test to trigger the flaw. However, the group did not provide Elastic with a full proof-of-concept (PoC) — the technical demonstration usually required to verify a security bug.
Elastic quickly responded with a det
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: