diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index b3893d2c828..c9b8b27683b 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -59,6 +59,8 @@ https://github.com/elastic/beats/compare/v5.0.0-alpha1...master[Check the HEAD d
 *Winlogbeat*
 - Fix panic when reading messages larger than 32K characters on Windows XP and 2003. {pull}1498[1498]
+- Fix panic that occurs when reading a large events on Windows Vista and newer. {pull}1499[1499]
+
 ==== Added
diff --git a/winlogbeat/sys/wineventlog/wineventlog_windows.go b/winlogbeat/sys/wineventlog/wineventlog_windows.go
index 45be1edd827..bc5eab1c454 100644
--- a/winlogbeat/sys/wineventlog/wineventlog_windows.go
+++ b/winlogbeat/sys/wineventlog/wineventlog_windows.go
@@ -192,7 +192,6 @@ func RenderEventNoMessage(eventHandle EvtHandle, renderBuf []byte) (string, erro
 	var bufferUsed, propertyCount uint32
 	err := _EvtRender(0, eventHandle, EvtRenderEventXml, uint32(len(renderBuf)), &renderBuf[0], &bufferUsed, &propertyCount)
-	bufferUsed *= 2 // It returns the number of utf-16 chars.
 	if err == ERROR_INSUFFICIENT_BUFFER {
 		return "", sys.InsufficientBufferError{err, int(bufferUsed)}
 	}
@@ -200,7 +199,12 @@ func RenderEventNoMessage(eventHandle EvtHandle, renderBuf []byte) (string, erro
 		return "", err
 	}
-	xml, _, err := sys.UTF16BytesToString(renderBuf[0:bufferUsed])
+	if int(bufferUsed) > len(renderBuf) {
+		return "", fmt.Errorf("Windows EvtRender reported that wrote %d bytes "+ "to the buffer, but the buffer can only hold %d bytes", bufferUsed, len(renderBuf))
+	}
+	xml, _, err := sys.UTF16BytesToString(renderBuf[:bufferUsed])
 	return xml, err
 }
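Review bot: An empty renderBuf still panics at `&renderBuf[0]` in the first wineventlog_windows.go hunk before any of the new bounds handling runs, so the commit closes the oversized-event panic but leaves the zero-length one; a guard ahead of the _EvtRender call, `if len(renderBuf) == 0 { return "", fmt.Errorf("render buffer is empty") }`, would cover it. The new error text in the second hunk reads `reported that wrote %d bytes`; `reported that it wrote %d bytes` reads cleanly. Since bufferUsed is now passed through as a byte count, a comment on its declaration such as `// bufferUsed is reported by EvtRender in bytes, not UTF-16 code units.` would stop the removed `*= 2` from being reintroduced, and any caller that grows its buffer from the second field of sys.InsufficientBufferError presumably assumed the doubled value before this change and should be checked against the new unit. Whether sys.UTF16BytesToString tolerates an odd bufferUsed is not visible here; if it does not, the new length check could also reject odd values. RenderEventNoMessage's signature lies outside both hunks, which sit inside its body.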