From 155b03328a5983a9611829063e82d0a3e7cfb664 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Thu, 6 Nov 2025 14:12:18 +0000 Subject: [PATCH 1/3] [Security] 9.1.7 release notes --- release-notes/elastic-security/index.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index 321a4973b7..f0d576ce63 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -123,6 +123,28 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes an issue in {{elastic-defend}} that could result in a crash if a specified {{ls}} output configuration contained a certificate that couldn't be parsed. +## 9.1.7 [elastic-security-9.1.7-release-notes] + +### Features and enhancements [elastic-security-9.1.7-features-enhancements] +* Improves the reliability of Cloud Security Posture (CSP) data by automatically upgrading outdated Misconfiguration and Vulnerabilities data views to the correct versions [#238547]({{kib-pull}}238547). +* Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control. +* Improves the accuracy of thread CPU usage reported in {{elastic-defend}} metrics documents. + + +### Fixes [elastic-security-9.1.7-fixes] +* Fixes entity flyout **Risk contributions** tab link [#241153]({{kib-pull}}241153). +* Fixes a pagination issue with the data table on the **Indicators** page [#241108]({{kib-pull}}241108). +* Fixes a react-query key collision that occurred when two different integration lookups shared the same key, which could cause errors when navigating between pages [#240517]({{kib-pull}}240517). +* Allows partial matches on rule name when searching installed rules [#237496]({{kib-pull}}237496). +* Fixes an issue where rule exception operators could not be cleared when editing a rule exception [#236051]({{kib-pull}}236051). +* Fixes an {{elastic-defend}} issue on Linux by preventing unnecessary locking within malware protection to avoid invalid watchdog firings. +* Fixes issues that could sometimes cause crashes of the {{elastic-defend}} user-mode process on very busy Windows systems. +* Fixes multiple {{elastic-defend}} issues in malware protection for Linux where a deadlock could sometimes occur when containers and autofs were both active. 
+* Fixes an {{elastic-defend}} issue on Windows which could allow a low-privilege attacker to delete arbitrary files on the system and potentially escalate privileges to SYSTEM. Windows 11 24H2 includes changes which make this issue harder to exploit. +* Fixes an {{elastic-defend}} bug in Linux event collection where some long-running processes were not enriched. +* Fixes an issue in {{elastic-defend}} that could cause the `get-file` and `execute` response actions to start failing after many are issued with a single running instance of {{elastic-defend}}. + + ## 9.1.6 [elastic-security-9.1.6-release-notes] ### Features and enhancements [elastic-security-9.1.6-features-enhancements] From 0771b3b86ccdc71734c51c74562e95c1766f0006 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 7 Nov 2025 12:10:43 +0000 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com> --- release-notes/elastic-security/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index f0d576ce63..0041044a77 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md 
@@ -126,7 +126,7 @@ To check for security updates, go to [Security announcements for the Elastic sta ## 9.1.7 [elastic-security-9.1.7-release-notes] ### Features and enhancements [elastic-security-9.1.7-features-enhancements] -* Improves the reliability of Cloud Security Posture (CSP) data by automatically upgrading outdated Misconfiguration and Vulnerabilities data views to the correct versions [#238547]({{kib-pull}}238547). +* Improves the reliability of Cloud Security Posture (CSP) data by automatically upgrading outdated Misconfiguration and Vulnerabilities data views to the correct versions [#238547]({{kib-pull}}238547). * Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control. * Improves the accuracy of thread CPU usage reported in {{elastic-defend}} metrics documents. 
@@ -140,9 +140,9 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes an {{elastic-defend}} issue on Linux by preventing unnecessary locking within malware protection to avoid invalid watchdog firings. * Fixes issues that could sometimes cause crashes of the {{elastic-defend}} user-mode process on very busy Windows systems. * Fixes multiple {{elastic-defend}} issues in malware protection for Linux where a deadlock could sometimes occur when containers and autofs were both active. -* Fixes an {{elastic-defend}} issue on Windows which could allow a low-privilege attacker to delete arbitrary files on the system and potentially escalate privileges to SYSTEM. Windows 11 24H2 includes changes which make this issue harder to exploit. +* Fixes CVE-2025-37735 ([ESA-2025-23](https://discuss.elastic.co/t/elastic-defend-8-19-6-9-1-6-and-9-2-0-security-update-esa-2025-23/383272)) in {{elastic-defend}} on Windows which could allow a low-privilege attacker to delete arbitrary files on the system and potentially escalate privileges to SYSTEM. Windows 11 24H2 includes changes which make this issue harder to exploit. * Fixes an {{elastic-defend}} bug in Linux event collection where some long-running processes were not enriched. -* Fixes an issue in {{elastic-defend}} that could cause the `get-file` and `execute` response actions to start failing after many are issued with a single running instance of {{elastic-defend}}. +* Fixes an {{elastic-defend}} issue that could cause the `get-file` and `execute` response actions to fail after many were issued with a single running instance of {{elastic-defend}}. ## 9.1.6 [elastic-security-9.1.6-release-notes] From 7da6f812a70a3e107f5fe01d447a014a09ef5f63 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 7 Nov 2025 13:36:02 +0000 Subject: [PATCH 3/3] Update release-notes/elastic-security/index.md Co-authored-by: Steven de Salas --- release-notes/elastic-security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-notes/elastic-security/index.md b/release-notes/elastic-security/index.md index 0041044a77..47e0590873 100644 --- a/release-notes/elastic-security/index.md +++ b/release-notes/elastic-security/index.md @@ -135,7 +135,7 @@ To check for security updates, go to [Security announcements for the Elastic sta * Fixes entity flyout **Risk contributions** tab link [#241153]({{kib-pull}}241153). * Fixes a pagination issue with the data table on the **Indicators** page [#241108]({{kib-pull}}241108). * Fixes a react-query key collision that occurred when two different integration lookups shared the same key, which could cause errors when navigating between pages [#240517]({{kib-pull}}240517). -* Allows partial matches on rule name when searching installed rules [#237496]({{kib-pull}}237496). +* Fixes multiple issues searching installed rules by allowing partial matches on rule name and improving special character support [#237496]({{kib-pull}}237496). * Fixes an issue where rule exception operators could not be cleared when editing a rule exception [#236051]({{kib-pull}}236051). * Fixes an {{elastic-defend}} issue on Linux by preventing unnecessary locking within malware protection to avoid invalid watchdog firings. * Fixes issues that could sometimes cause crashes of the {{elastic-defend}} user-mode process on very busy Windows systems.
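Review bot: In PATCH 1/3, hunk `@@ -123,6 +123,28 @@`, the Features entry "Adds more {{elastic-defend}} options to the {{ls}} output, allowing for finer control" does not say which options were added, so a reader cannot tell what changed in their output configuration after upgrading. Name the new options in the entry or link to the page that documents them. The same hunk also leaves two blank lines before `### Fixes` where the rest of the file uses one.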
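Review bot: In PATCH 2/3, hunk `@@ -140,9 +140,9 @@`, the new CVE-2025-37735 entry sits under the 9.1.7 heading, but the advisory URL it links to reads "elastic-defend-8-19-6-9-1-6-and-9-2-0-security-update-esa-2025-23", which names 9.1.6 as the fixed 9.1.x release. Please confirm which release carries the fix: if it shipped in 9.1.6 the entry belongs in that section, and if 9.1.7 contains a further change for the same CVE the entry should say so, because readers use this line to decide which version clears the privilege-escalation issue.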
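Review bot: In PATCH 3/3, hunk `@@ -135,7 +135,7 @@`, the reworded entry ends with "improving special character support" without saying which characters or what previously went wrong, so users who hit the search problem cannot tell whether their case is covered. Consider stating the behaviour that changed, for example that rule names containing special characters now return matches, and reading "issues with searching installed rules" rather than "issues searching installed rules".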