
Elastic Denies Serious Security Flaw in Its Defend Software

Elastic stressed that without reproducible proof, such claims cannot be confirmed.

Elastic, the company known for its enterprise search and security products, has pushed back against recent claims of a serious vulnerability in its Defend endpoint detection and response (EDR) tool.

The controversy began after a small cybersecurity group, AshES Cybersecurity, published a blog post on August 16. In their write-up, they said they had discovered a “zero-day” bug, a term used to describe flaws that are unknown to the software maker and therefore left unpatched. According to AshES, the issue was a remote code execution (RCE) vulnerability in Elastic Defend’s kernel driver called elastic-endpoint-driver.sys. They suggested that an attacker could exploit this flaw to avoid being monitored by the EDR system, run malicious code, and even maintain long-term access to a computer.

To support their claims, the researcher from AshES described using a custom-built driver in a controlled test to trigger the flaw. However, the group did not provide Elastic with a full proof-of-concept (PoC) — the technical demonstration usually required to verify a security bug.

Elastic quickly responded with a detailed statement. Its internal Security Engineering team said they carried out a “thorough investigation” but were unable to find any evidence that the vulnerability exists. They also noted that AshES had sent in multiple reports but that none contained sufficient detail to recreate the alleged exploit. Elastic stressed that without reproducible proof, such claims cannot be confirmed.

The company also pointed out that AshES declined to share the PoC directly with Elastic or its bug bounty team. Instead, the researchers chose to publish their findings publicly, which runs counter to the practice of coordinated disclosure: a process in which researchers privately alert a company first, allowing it time to investigate and fix the issue before public release.

Elastic reaffirmed that it takes all security reports seriously and highlighted its long-standing bug bounty program, which has been in place since 2017. Through this program, the company has paid more than $600,000 to independent researchers who responsibly report real, verifiable vulnerabilities.

At this stage, the alleged zero-day flaw remains unconfirmed, and Elastic maintains that no evidence supports the existence of the supposed bug.

