Microsoft MDASH finds 16 Windows flaws

- Microsoft said on May 12 its internal MDASH security system found 16 previously unknown Windows flaws, including four critical remote-code-execution vulnerabilities.
- More than 100 specialized AI agents powered MDASH, which Microsoft said found bugs in Windows networking and authentication components patched on May 12.
- In June, Microsoft plans a private preview of MDASH for enterprise customers, according to CSO Online.

Microsoft said on May 12 that its internal AI-driven security system, codenamed MDASH, helped researchers identify 16 previously unknown vulnerabilities in Windows, including four critical remote-code-execution flaws. The company disclosed the findings in a security blog post tied to its May 12 Patch Tuesday release. CSO Online reported on May 13 that Microsoft plans to open the system to enterprise customers in a private preview in June. The flaws were found in Windows networking and authentication components, according to Microsoft.

### Which Windows flaws did MDASH uncover?

Microsoft said the 16 vulnerabilities were spread across the Windows networking and authentication stack, with four rated critical because they could enable remote code execution. The company named affected areas including the Windows kernel TCP/IP stack and the IKEv2 service. (microsoft.com)

CSO Online reported that one of the critical bugs, CVE-2026-33827, was a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets using the Strict Source and Record Route option. Another, CVE-2026-33824, involved a pre-authentication double-free issue in the IKEEXT service affecting RRAS VPN, DirectAccess and Always-On VPN deployments. The report said two other critical flaws affected Netlogon and the Windows DNS Client, each with CVSS scores of 9.8. (microsoft.com)

### How did Microsoft say the system works?

MDASH was built by Microsoft’s Autonomous Code Security team, according to the company’s May 12 post. Microsoft said the system orchestrates more than 100 specialized AI agents across multiple frontier and distilled models rather than relying on a single model. (csoonline.com)

Taesoo Kim, Microsoft vice president for agentic security, wrote that different agents handle different stages of the process, including scanning code, debating possible findings, validating whether a flaw is real and constructing triggering inputs before a human engineer reviews the result. Kim described the approach in the company post with the line: “The model is one input. The system is the product.” (microsoft.com)

### Were the bugs already patched?

Microsoft said the vulnerabilities identified by MDASH were fixed as part of the company’s May 12 Patch Tuesday release. That means the flaws were disclosed after patches were made available, not as active public zero-days. The May 12 blog post also said the system had been used by Microsoft security engineering teams before the public announcement. (csoonline.com)

CSO Online reported that the tool had aided Microsoft security teams in identifying and triaging flaws before the planned customer preview.

### Why is Microsoft emphasizing the architecture, not one model?

Microsoft said MDASH was designed to be model-agnostic, allowing the company to swap underlying AI models without rebuilding the larger orchestration layer. In its blog post, the company argued that the advantage comes from the broader system around the models. (microsoft.com)

The same Microsoft post said MDASH scored 88.45% on the public CyberGym benchmark of 1,507 real-world vulnerabilities, and reported 21 of 21 planted vulnerabilities found with zero false positives on a private test driver. Those figures came from Microsoft’s own announcement. (microsoft.com)

### What happens next for MDASH?

CSO Online reported on May 13 that Microsoft will open MDASH to enterprise customers in a private preview in June. Microsoft’s own May 12 post said the system is already being tested by a small set of customers as part of a limited private preview and invited readers to sign up for access. (microsoft.com)

June is the next concrete milestone Microsoft has put on the system. The named participants in that step are Microsoft’s security engineering teams, existing test customers and enterprise users who sign up for the private preview, according to Microsoft and CSO Online. (microsoft.com) (csoonline.com)
