Microsoft — MDASH Agentic System Finds 16 Windows Flaws Including 4 Critical RCEs

AI relevance: Microsoft's MDASH platform demonstrates that multi-agent AI systems can now autonomously discover and validate critical operating-system vulnerabilities — a capability that shifts the defender advantage but also accelerates the AI-versus-AI vulnerability arms race.

Details

  • Microsoft's Autonomous Code Security team, with the Windows Attack Research and Protection group, built MDASH — a multi-model agentic system that orchestrates 100+ specialized AI agents across frontier and distilled models, each assigned to a different stage of the vulnerability discovery pipeline.
  • In its first operational run, MDASH found 16 previously unknown Windows vulnerabilities, including four critical RCEs, all patched in the May 12, 2026 Patch Tuesday release.
  • CVE-2026-33827 — remote unauthenticated use-after-free in the Windows IPv4 stack, exploitable via crafted packets with the Strict Source and Record Route option over UDP/500.
  • CVE-2026-33824 — pre-authentication double-free in the IKEEXT service, affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.
  • Two additional critical flaws in Netlogon and the Windows DNS Client, both CVSS 9.8.
  • The remaining 12 "Important" vulnerabilities covered denial of service, privilege escalation, information disclosure, and security feature bypass across tcpip.sys, http.sys, ikeext.dll, and telnet.exe.
  • MDASH architecture: some agents scan source code for potential flaws, others validate whether findings are genuine, and a third stage constructs triggering inputs to reproduce the issue before human review. The pipeline is intentionally model-agnostic.
  • On a private test driver, MDASH found 21 of 21 planted vulnerabilities with zero false positives. It also achieved 96% recall against five years of confirmed MSRC cases in clfs.sys, and 100% recall on kernel-mode driver cases.
  • The platform enters private preview for enterprise customers in June 2026. VP Taesoo Kim: "The model is one input. The system is the product."
  • MDASH arrives weeks after Microsoft's Project Glasswing partnership with Anthropic to evaluate Claude Mythos Preview for automated zero-day discovery.

Why It Matters

  • This is not a research exercise — MDASH found production-grade critical RCEs in Windows components deployed across millions of enterprise endpoints.
  • The 100+ agent orchestration model shows that agentic AI vulnerability discovery has moved past single-model "toss a report at an LLM" approaches into structured, multi-stage pipelines with validation gates.
  • The AI-versus-AI vulnerability race is accelerating: defenders using MDASH-style systems must now assume attackers have comparable AI-assisted discovery capabilities against the same codebases.
  • Microsoft operates simultaneously as platform owner, security vendor, AI infrastructure player, OpenAI partner, Anthropic collaborator, and agentic security supplier — a concentration of influence that security leaders should monitor closely.

What to Do

  • Apply the May 2026 Patch Tuesday updates immediately, especially CVE-2026-33827 (IPv4 stack) and CVE-2026-33824 (IKEEXT), which are remotely exploitable without authentication.
  • For organizations running RRAS VPN, DirectAccess, or Always-On VPN: verify IKEEXT patches are deployed and monitor for exploitation attempts on UDP/500.
  • Evaluate whether your organization's own codebases could benefit from agentic vulnerability discovery pipelines — MDASH's private preview opens in June.
  • Assume that AI-assisted vulnerability discovery is now available to offensive actors; accelerate your own patching cadence accordingly.
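
One way to start on the UDP/500 monitoring item is to flag IPv4 packets that carry the Strict Source and Record Route option (type 137, RFC 791) toward the IKE port, since that option is rare in legitimate traffic. The sketch below is an added example, not Microsoft's code or a vendor signature: the heuristic is derived only from the description of CVE-2026-33827 above, and the function names, the documentation-range addresses and the sample packets are constructed. It assumes each packet starts at the IPv4 header (no link-layer framing) and does not verify checksums.

```python
import struct

SSRR, EOL, NOP = 137, 0, 1   # IPv4 option types (RFC 791)
IKE_PORT, UDP = 500, 17

def ipv4_options(pkt: bytes):
    """Return option types found in the IPv4 header, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    found, i = [], 20
    while i < ihl:
        kind = pkt[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        # Every other option is type, length, data; the length must fit the header.
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            return None
        found.append(kind)
        i += pkt[i + 1]
    return found

def classify(pkt: bytes) -> str:
    """'alert' = SSRR toward UDP/500, 'malformed' = bad header, else 'ok'/'ignore'."""
    opts = ipv4_options(pkt)
    if opts is None:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != UDP or frag_offset != 0 or len(pkt) < ihl + 8:
        return "ignore"   # not UDP, or no UDP header in this fragment
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if dport != IKE_PORT:
        return "ignore"
    return "alert" if SSRR in opts else "ok"

def sample(options: bytes, dport: int) -> bytes:
    """Constructed packet: IPv4 header (checksum left 0) + empty UDP datagram."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 8, 0, 0, 64, UDP,
                     0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + options + struct.pack("!HHHH", 40000, dport, 8, 0)
SSRR_OPT = bytes([SSRR, 7, 4, 203, 0, 113, 1])   # constructed: one hop address
```

Treat "malformed" results on this port as worth review too, and feed the function from whatever capture source you already trust; it inspects only the first fragment of a datagram.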

Sources