Microsoft's MDASH Discovers 16 Windows Vulnerabilities, Including Four Critical RCEs

Severity: High (Score: 72.5)

Sources: Itnews.Au, Thehackernews, Letsdatascience, www.microsoft.com, Neowin

Summary

Microsoft announced the discovery of 16 vulnerabilities in Windows, including four critical remote code execution (RCE) flaws, through its new AI-powered scanning tool, MDASH. The vulnerabilities were found in the Windows networking and authentication stack, affecting components like TCP/IP and DNS. MDASH, developed by Microsoft's Autonomous Code Security team, utilizes over 100 specialized AI agents to identify and validate vulnerabilities. The tool achieved a perfect score in a private test, detecting all 21 planted vulnerabilities with zero false positives. It also scored 88.45% on the CyberGym benchmark, placing it at the top of the leaderboard. The vulnerabilities were patched in April and May 2026 as part of Microsoft's Patch Tuesday updates. MDASH is currently in a private preview phase for select enterprise customers. Key Points: • MDASH found 16 vulnerabilities in Windows, including four critical RCE flaws. • The tool uses over 100 AI agents and achieved zero false positives in testing. • Vulnerabilities were patched in April and May 2026 during Patch Tuesday updates.

Key Entities

• Remote Code Execution (attack_type)
• United States (country)
• Windows (platform)