Microsoft's MDASH AI System Discovers 16 Windows Vulnerabilities

Microsoft's MDASH AI System Discovers 16 Windows Vulnerabilities

First seen 13 May 2026, 10:26 UTC Itnews.AuNeowinThehackernewsLetsdatascienceGround.News+24 88% similarity 72.5

Article Content

Browse articles
ThreatCluster

Microsoft's newly developed MDASH (Multi-Model Agentic Scanning Harness) identified 16 vulnerabilities in Windows, including four critical remote code execution (RCE) flaws. The vulnerabilities were found in key components such as the TCP/IP stack and IKEv2 service. These findings were part of Microsoft's May Patch Tuesday, which addressed a total of 120 CVEs. MDASH utilizes over 100 specialized AI agents to enhance vulnerability detection, achieving an 88.45% score on the CyberGym benchmark. The system is currently in a private preview phase with select enterprise customers. The vulnerabilities include CVE-2026-40361 and CVE-2026-40364, published on May 12, 2026. Microsoft emphasizes that the AI system's architecture allows for efficient vulnerability discovery at scale, marking a significant advancement in cybersecurity tools.

Key Points: • MDASH discovered 16 vulnerabilities, including four critical RCE flaws in Windows components. • The system achieved an 88.45% score on the CyberGym benchmark, outperforming competitors. • Microsoft's May Patch Tuesday addressed a total of 120 CVEs, with MDASH contributing significantly.

ThreatCluster AI

Timeline

2026-05-07
CVE-2026-33109 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-07
CVE-2026-42826 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-12
CVE-2026-40361 published
Microsoft disclosed a critical RCE vulnerability in Windows components, part of the findings from MDASH.
Letsdatascience
2026-05-12
CVE-2026-40364 published
Another critical RCE vulnerability was published, identified by Microsoft's MDASH system.
Uk.Pcmag
2026-05-12
CVE-2026-42898 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-12
CVE-2026-41096 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-13
Microsoft's May Patch Tuesday released
Microsoft patched a total of 120 CVEs, including 16 vulnerabilities found by MDASH.
Itnews.Au
2026-05-13
MDASH performance results announced
Microsoft reported MDASH's performance, including 21 of 21 vulnerabilities found with zero false positives.
Neowin
2026-05-14
MDASH enters private preview
Microsoft announced that MDASH is being tested by a limited number of enterprise customers.
Ground.News

Community

Browse all →