Microsoft has revealed that its AI security system, MDASH, discovered 16 Windows vulnerabilities that were patched on May 12 Patch Tuesday. Four of these flaws were rated critical.
MDASH found critical RCE and double-free flaws.
Among the critical vulnerabilities is CVE-2026-33827, a remote code execution issue in tcpip.sys that can be triggered by crafted IPv4 packets. Another is CVE-2026-33824, a pre-authentication double-free vulnerability in the IKEEXT service reachable over UDP port 500.
MDASH is currently in limited private preview with a small group of enterprise customers. Broader availability is expected in the months ahead.
In benchmark testing, MDASH scored 88.45% on CyberGym, a UC Berkeley benchmark based on 1,507 real-world vulnerability reproduction tasks, placing it at the top of the public leaderboard. Against five years of confirmed Microsoft Security Response Center cases in clfs.sys and tcpip.sys, it achieved 96% and 100% recall respectively. In private testing against a previously unreleased Windows driver called StorageDrive, MDASH found all 21 planted vulnerabilities with zero false positives.
Microsoft has not disclosed whether MDASH will be integrated into existing security products or offered as a standalone service.



Discussion
0 comments
Log in to join the thread with a thoughtful take, question, or correction.