{"id":483352,"date":"2026-05-13T23:12:16","date_gmt":"2026-05-13T23:12:16","guid":{"rendered":"https:\/\/www.europesays.com\/ie\/483352\/"},"modified":"2026-05-13T23:12:16","modified_gmt":"2026-05-13T23:12:16","slug":"microsofts-agentic-security-system-mdash-uncovers-four-critical-windows-rce-flaws","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ie\/483352\/","title":{"rendered":"Microsoft&#8217;s agentic security system MDASH uncovers four critical Windows RCE flaws"},"content":{"rendered":"<p>Microsoft Corp. today detailed a new artificial intelligence-powered vulnerability discovery system that uncovered 16 previously unknown flaws in Windows networking and authentication components, including four critical remote code execution bugs patched in this month\u2019s Patch Tuesday release.<\/p>\n<p>The system, codenamed MDASH for multi-model agentic scanning harness, was built by Microsoft\u2019s Autonomous Code Security team in collaboration with the company\u2019s Windows Attack Research and Protection group. MDASH orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to find, debate and prove exploitable bugs from end to end.<\/p>\n<p>The 16 vulnerabilities span the Windows TCP\/IP stack, the IKEEXT IPsec service, HTTP.sys, Netlogon, DNS resolution and the Telnet client.<\/p>\n<p>Ten of the vulnerabilities were kernel-mode and six were user-mode, and most were reachable from a network position without credentials.<\/p>\n<p>Among the four rated critical are CVE-2026-33827, a remote unauthenticated use-after-free in tcpip.sys triggered by crafted IPv4 packets carrying the Strict Source and Record Route option, and CVE-2026-33824, a double-free in the IKEv2 service reachable over UDP port 500 that yields code execution as LocalSystem.<\/p>\n<p>The vulnerabilities were also not the kind a single-pass scanner would typically surface. 
The tcpip.sys flaw involved a reference-counted Path object whose ownership was dropped before a later reuse, with three independent concurrent free paths in play. The IKEEXT double-free vulnerability spanned six source files and was only visible when contrasted against a correctly handled site elsewhere in the same code base.<\/p>\n<p>Microsoft also disclosed benchmark results to back claims that the harness is performing at production scale.<\/p>\n<p>On a private test driver called StorageDrive containing 21 planted vulnerabilities, MDASH identified all 21 with zero false positives. Against five years of confirmed Microsoft Security Response Center cases, the system recorded 96% recall on clfs.sys and 100% on tcpip.sys. On the public CyberGym benchmark, which covers 1,507 real-world vulnerability reproduction tasks drawn from 188 open-source projects, MDASH scored 88.45%, the top result on the leaderboard and roughly five points ahead of the next entry.<\/p>\n<p>The architecture runs the work as a pipeline of prepare, scan, validate, dedup and prove stages, with specialized agent roles at each step. State-of-the-art models handle heavy reasoning, distilled models act as cost-effective debaters for high-volume passes and a separate frontier model provides an independent counterpoint. Domain plugins inject context the foundation models cannot infer on their own, including kernel calling conventions, lock invariants and interprocess communication trust boundaries.<\/p>\n<p>Taesoo Kim, vice president of agentic security at Microsoft, wrote in the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/12\/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark\/\" rel=\"nofollow noopener\" target=\"_blank\">company\u2019s announcement<\/a> that the durable advantage in AI-driven vulnerability discovery lies in the agentic system around the model rather than any single model. 
Several members of the Autonomous Code Security team came from Team Atlanta, the group that won first place in the $20 million DARPA AI Cyber Challenge by building an autonomous cyber-reasoning system that found and patched real bugs in open-source projects.<\/p>\n<p>MDASH is already being used internally by Microsoft engineering teams and is being tested by a limited set of customers as part of a private preview.<\/p>\n","protected":false},"excerpt":{"rendered":"Microsoft Corp. today detailed a new artificial intelligence-powered vulnerability discovery system that uncovered 16 previously unknown flaws in&hellip;\n","protected":false},"author":2,"featured_media":483353,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74],"tags":[2081,18,19,17,211387,2082,82],"class_list":{"0":"post-483352","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-duncan-riley","9":"tag-eire","10":"tag-ie","11":"tag-ireland","12":"tag-microsofts-agentic-security-system-mdash-uncovers-four-critical-windows-rce-flaws","13":"tag-siliconangle","14":"tag-technology"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@ie\/116569804110366301","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/483352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/comments?post=483352"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/posts\/483352\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media\/483353"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/media?parent=483352"}],"wp:term":[{"taxonomy":"category","embeddabl
e":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/categories?post=483352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ie\/wp-json\/wp\/v2\/tags?post=483352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}