{"id":10346,"date":"2025-11-10T19:47:35","date_gmt":"2025-11-10T12:47:35","guid":{"rendered":"https:\/\/infosec.new88088.net\/?p=10346"},"modified":"2026-02-03T19:48:42","modified_gmt":"2026-02-03T12:48:42","slug":"elastic-defend-dinh-lo-hong-nghiem-trong-cho-phep-xoa-tep-va-leo-thang-dac-quyen","status":"publish","type":"post","link":"https:\/\/infosec.new88088.net\/2025\/11\/10\/elastic-defend-dinh-lo-hong-nghiem-trong-cho-phep-xoa-tep-va-leo-thang-dac-quyen\/","title":{"rendered":"Elastic Defend d\u00ednh l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng cho ph\u00e9p x\u00f3a t\u1ec7p v\u00e0 leo thang \u0111\u1eb7c quy\u1ec1n"},"content":{"rendered":"<p data-start=\"60\" data-end=\"548\">Elastic v\u1eeba ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt \u0111\u1ec3 kh\u1eafc ph\u1ee5c m\u1ed9t l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong Elastic Defend, th\u00e0nh ph\u1ea7n b\u1ea3o v\u1ec7 \u0111i\u1ec3m cu\u1ed1i thu\u1ed9c b\u1ed9 Elastic Security. L\u1ed7 h\u1ed5ng mang m\u00e3 CVE-2025-37735, b\u1eaft ngu\u1ed3n t\u1eeb c\u01a1 ch\u1ebf b\u1ea3o to\u00e0n quy\u1ec1n truy c\u1eadp kh\u00f4ng ch\u00ednh x\u00e1c, khi\u1ebfn d\u1ecbch v\u1ee5 Defend khi ch\u1ea1y v\u1edbi quy\u1ec1n SYSTEM c\u00f3 th\u1ec3 b\u1ecb l\u1ee3i d\u1ee5ng \u0111\u1ec3 x\u00f3a t\u1ec7p t\u00f9y \u00fd tr\u00ean m\u00e1y Windows. Trong m\u1ed9t s\u1ed1 k\u1ecbch b\u1ea3n, h\u00e0nh vi n\u00e0y c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn leo thang \u0111\u1eb7c quy\u1ec1n c\u1ee5c b\u1ed9 v\u00e0 cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng chi\u1ebfm quy\u1ec1n ki\u1ec3m so\u00e1t ho\u00e0n to\u00e0n h\u1ec7 th\u1ed1ng.<\/p>\n<p data-start=\"60\" data-end=\"548\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone  wp-image-10347\" src=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Elastic-Defend-300x167.png\" alt=\"\" width=\"708\" height=\"394\" srcset=\"https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Elastic-Defend-300x167.png 300w, https:\/\/infosec.new88088.net\/wp-content\/uploads\/sites\/20\/2026\/02\/Elastic-Defend.png 700w\" sizes=\"(max-width: 708px) 100vw, 708px\" \/><\/p>\n<p data-start=\"550\" data-end=\"1011\">CVE-2025-37735 \u0111\u01b0\u1ee3c \u0111\u00e1nh gi\u00e1 m\u1ee9c \u0111\u1ed9 cao v\u1edbi \u0111i\u1ec3m CVSS 7.0, ph\u1ea3n \u00e1nh r\u1ee7i ro \u0111\u00e1ng k\u1ec3 \u0111\u1ed1i v\u1edbi t\u00ednh to\u00e0n v\u1eb9n v\u00e0 b\u1ea3o m\u1eadt h\u1ec7 th\u1ed1ng. Khi m\u1ed9t ti\u1ebfn tr\u00ecnh b\u1ea3o m\u1eadt \u0111\u01b0\u1ee3c c\u1ea5p quy\u1ec1n cao nh\u1ea5t nh\u01b0ng l\u1ea1i c\u00f3 th\u1ec3 b\u1ecb thao t\u00fang, h\u1eadu qu\u1ea3 kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ea5t d\u1eef li\u1ec7u m\u00e0 c\u00f2n m\u1edf ra c\u01a1 h\u1ed9i cho c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng s\u00e2u h\u01a1n. \u0110\u1ed1i v\u1edbi c\u00e1c doanh nghi\u1ec7p \u0111ang s\u1eed d\u1ee5ng Elastic Defend nh\u01b0 l\u1edbp ph\u00f2ng th\u1ee7 tuy\u1ebfn \u0111\u1ea7u, vi\u1ec7c l\u1ed7 h\u1ed5ng b\u1ecb khai th\u00e1c c\u00f3 th\u1ec3 g\u00e2y \u1ea3nh h\u01b0\u1edfng nghi\u00eam tr\u1ecdng t\u1edbi to\u00e0n b\u1ed9 h\u1ea1 t\u1ea7ng n\u1ed9i b\u1ed9.<\/p>\n<p data-start=\"1013\" data-end=\"1521\">Elastic x\u00e1c nh\u1eadn c\u00e1c nh\u00e1nh phi\u00ean b\u1ea3n 8.x v\u00e0 9.x \u0111\u1ec1u ch\u1ecbu \u1ea3nh h\u01b0\u1edfng v\u00e0 khuy\u1ebfn ngh\u1ecb ng\u01b0\u1eddi d\u00f9ng n\u00e2ng c\u1ea5p ngay l\u00ean c\u00e1c phi\u00ean b\u1ea3n \u0111\u00e3 \u0111\u01b0\u1ee3c v\u00e1 g\u1ed3m 8.19.6, 9.1.6 ho\u1eb7c 9.2.0. B\u1ea3n c\u1eadp nh\u1eadt t\u1eadp trung s\u1eeda l\u1ed7i trong c\u01a1 ch\u1ebf qu\u1ea3n l\u00fd quy\u1ec1n, nh\u1eb1m ng\u0103n ch\u1eb7n kh\u1ea3 n\u0103ng d\u1ecbch v\u1ee5 Defend b\u1ecb l\u1ee3i d\u1ee5ng \u0111\u1ec3 thao t\u00e1c tr\u00e1i ph\u00e9p l\u00ean t\u1ec7p h\u1ec7 th\u1ed1ng. Vi\u1ec7c tr\u00ec ho\u00e3n c\u1eadp nh\u1eadt s\u1ebd l\u00e0m gia t\u0103ng nguy c\u01a1 b\u1ecb khai th\u00e1c, \u0111\u1eb7c bi\u1ec7t trong tr\u01b0\u1eddng h\u1ee3p k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 c\u00f3 quy\u1ec1n truy c\u1eadp ban \u0111\u1ea7u th\u00f4ng qua c\u00e1c h\u00ecnh th\u1ee9c nh\u01b0 l\u1eeba \u0111\u1ea3o ho\u1eb7c khai th\u00e1c l\u1ed7 h\u1ed5ng kh\u00e1c.<\/p>\n<p data-start=\"1523\" data-end=\"1871\">Trong tr\u01b0\u1eddng h\u1ee3p ch\u01b0a th\u1ec3 c\u1eadp nh\u1eadt ngay, Elastic \u0111\u1ec1 xu\u1ea5t s\u1eed d\u1ee5ng t\u1ea1m th\u1eddi Elastic Defend tr\u00ean Windows 11 phi\u00ean b\u1ea3n 24H2 ho\u1eb7c m\u1edbi h\u01a1n, do h\u1ec7 \u0111i\u1ec1u h\u00e0nh n\u00e0y \u0111\u00e3 b\u1ed5 sung c\u00e1c c\u01a1 ch\u1ebf ki\u1ec3m so\u00e1t truy c\u1eadp ch\u1eb7t ch\u1ebd h\u01a1n, gi\u00fap gi\u1ea3m kh\u1ea3 n\u0103ng khai th\u00e1c. Tuy nhi\u00ean, \u0111\u00e2y ch\u1ec9 l\u00e0 bi\u1ec7n ph\u00e1p gi\u1ea3m thi\u1ec3u t\u1ea1m th\u1eddi v\u00e0 kh\u00f4ng th\u1ec3 thay th\u1ebf cho vi\u1ec7c \u00e1p d\u1ee5ng b\u1ea3n v\u00e1 ch\u00ednh th\u1ee9c.<\/p>\n<p data-start=\"1873\" data-end=\"2250\" data-is-last-node=\"\" data-is-only-node=\"\">Elastic c\u0169ng khuy\u1ebfn c\u00e1o c\u00e1c t\u1ed5 ch\u1ee9c ch\u1ee7 \u0111\u1ed9ng ki\u1ec3m tra h\u1ec7 th\u1ed1ng, x\u00e1c \u0111\u1ecbnh c\u00e1c thi\u1ebft b\u1ecb \u0111ang ch\u1ea1y Elastic Defend v\u00e0 theo d\u00f5i c\u00e1c d\u1ea5u hi\u1ec7u b\u1ea5t th\u01b0\u1eddng nh\u01b0 vi\u1ec7c x\u00f3a t\u1ec7p kh\u00f4ng r\u00f5 nguy\u00ean nh\u00e2n. Vi\u1ec7c duy tr\u00ec ph\u00e2n quy\u1ec1n h\u1ee3p l\u00fd, sao l\u01b0u \u0111\u1ecbnh k\u1ef3 v\u00e0 c\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m k\u1ecbp th\u1eddi ti\u1ebfp t\u1ee5c l\u00e0 nh\u1eefng y\u1ebfu t\u1ed1 then ch\u1ed1t \u0111\u1ec3 gi\u1ea3m thi\u1ec3u r\u1ee7i ro b\u1ea3o m\u1eadt trong m\u00f4i tr\u01b0\u1eddng an ninh m\u1ea1ng ng\u00e0y c\u00e0ng ph\u1ee9c t\u1ea1p.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Elastic v\u1eeba ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 b\u1ea3o m\u1eadt \u0111\u1ec3 kh\u1eafc ph\u1ee5c m\u1ed9t l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng trong Elastic Defend, th\u00e0nh ph\u1ea7n b\u1ea3o v\u1ec7 \u0111i\u1ec3m cu\u1ed1i thu\u1ed9c b\u1ed9 Elastic Security. L\u1ed7 h\u1ed5ng mang m\u00e3 CVE-2025-37735, b\u1eaft ngu\u1ed3n t\u1eeb c\u01a1 ch\u1ebf b\u1ea3o to\u00e0n quy\u1ec1n truy c\u1eadp kh\u00f4ng ch\u00ednh x\u00e1c, khi\u1ebfn d\u1ecbch v\u1ee5 Defend khi ch\u1ea1y v\u1edbi quy\u1ec1n [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-10346","post","type-post","status-publish","format-standard","hentry","category-tin-tuc-cua-vien"],"_links":{"self":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/comments?post=10346"}],"version-history":[{"count":0,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/posts\/10346\/revisions"}],"wp:attachment":[{"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/media?parent=10346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/categories?post=10346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.new88088.net\/wp-json\/wp\/v2\/tags?post=10346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}