Full Report
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
Analysis Summary
# Vulnerability: Multiple Windows Remote Code Execution Flaws (Discovered via MDASH AI)
## CVE Details
**Finding 1:**
- CVE ID: CVE-2026-33824
- CVSS Score: 9.8 (Critical)
- CWE: Double-Free (CWE-415)
**Finding 2:**
- CVE ID: CVE-2026-33827
- CVSS Score: 8.1 (High)
- CWE: Race Condition (CWE-362)
*Note: These are the primary highlights of 16 total vulnerabilities discovered by the MDASH system and fixed in the May 2026 Patch Tuesday cycle.*
## Affected Systems
- **Products:** Microsoft Windows
- **Versions:** Windows versions containing the affected Networking and Authentication stacks (validated in May 2026 update bundle).
- **Configurations:**
  - **CVE-2026-33824:** Systems with Internet Key Exchange (IKE) version 2 enabled.
  - **CVE-2026-33827:** Windows nodes with IPv6 and IPsec enabled.
## Vulnerability Description
- **CVE-2026-33824:** A double-free vulnerability exists in `ikeext.dll`. The flaw is triggered when the system mishandles specially crafted packets during IKEv2 negotiation, leading to memory corruption.
- **CVE-2026-33827:** A race condition exists within the Windows TCP/IP driver (`tcpip.sys`). The flaw occurs during the processing of specially crafted IPv6 packets when IPsec is active, allowing for logic errors that can be leveraged for code execution.
## Exploitation
- **Status:** Not exploited (Discovered internally via Microsoft MDASH AI; fixed at time of disclosure).
- **Complexity:**
  - **CVE-2026-33824:** Low (Unauthenticated remote access).
  - **CVE-2026-33827:** Medium (Requires specific timing/race condition).
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
- **Overall Result:** Full system compromise via Remote Code Execution (RCE).
## Remediation
### Patches
- Microsoft released official security updates for these vulnerabilities as part of the **May 2026 Patch Tuesday**. Users should apply all Windows Updates immediately to address these and the 14 other associated flaws.
### Workarounds
- **IKEv2:** Disable IKEv2 if not required for VPN or IPsec communications (use alternative protocols like SSTP where applicable).
- **IPsec/IPv6:** Restrict IPv6 traffic at the network perimeter or disable IPsec services if they are not a business requirement, though this may impact secure internal communications.
## Detection
- **Indicators of Compromise:** Unusual crashes in `ikeext.dll` or Blue Screen of Death (BSOD) events associated with `tcpip.sys`.
- **Detection methods and tools:**
  - Monitor for malformed IKEv2 negotiation packets.
  - Utilize Microsoft Defender and third-party EDR tools that have updated signatures for the May 2026 release cycle.
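
A read-only triage script that checks a host against the affected configurations and crash indicators listed above. This is an added example, not part of the original report or any Microsoft tooling; the 30-day look-back window and the output field names are assumptions. Bugcheck events do not name the faulting driver, so tying one to `tcpip.sys` still requires crash dump analysis.

```powershell
# Added example (not from the report): read-only host triage. Run elevated.
$since = (Get-Date).AddDays(-30)   # assumed look-back window

# Exposure: the IKEEXT service hosts the IKE/AuthIP keying modules (ikeext.dll).
$ike = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue

# Exposure: IPv6 bound to at least one adapter, and enabled IPsec rules.
$ipv6Adapters = @(Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Where-Object { $_.Enabled })
$ipsecRules = @(Get-NetIPsecRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' })

# Indicator: user-mode crash records (Application Error, ID 1000) naming ikeext.dll.
$ikeCrashes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'
        Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'ikeext\.dll' })

# Indicator: bugcheck records (ID 1001). The event carries the stop code only;
# confirming tcpip.sys involvement requires opening the memory dump.
$bugchecks = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id = 1001; StartTime = $since
    } -ErrorAction SilentlyContinue)

# Patch state: date of the most recent installed update, to compare against
# the May 2026 Patch Tuesday release named in the Remediation section.
$lastUpdate = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    IkeServiceRunning   = [bool]($ike -and $ike.Status -eq 'Running')
    IPv6BoundAdapters   = $ipv6Adapters.Count
    EnabledIPsecRules   = $ipsecRules.Count
    IkeextCrashEvents   = $ikeCrashes.Count
    BugcheckEvents      = $bugchecks.Count
    LastUpdateInstalled = $lastUpdate.InstalledOn
    LastUpdateId        = $lastUpdate.HotFixID
}
```

A running IKEEXT service or enabled IPsec rules only show that the relevant components are in use; they do not by themselves show that IKEv2 is negotiated on that host.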
## References
- Microsoft Security Response Center (MSRC): [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33824]
- Microsoft Security Blog: [https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/]
- Original Report: [https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html]