Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft's MDASH has entered limited private preview, adding a new AI-driven vulnerability discovery service that can validate and prove exploitable defects at scale. The system matters because it is designed to move from candidate findings to validated bugs across complex codebases such as Windows. Early testing already surfaced 16 Windows flaws fixed in Patch Tuesday, including two critical remote-code-execution issues.
Related Happenings
Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review
Security Tool/Service
First: 20.05.2026 20:06
Last: 20.05.2026 20:06
Sources 1
About this happening:
**Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...
Microsoft open-sources RAMPART and Clarity for AI agent security testing and design review
Security Tool/ServiceAbout this happening: **Microsoft** open-sourced **RAMPART** and **Clarity**, adding **AI agent security testing** and **design-time reasoning** capabilities that help developers catch risks before dep...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
Vulnerability
First: 18.05.2026 07:59
Last: 18.05.2026 07:59
Sources 1
About this happening:
**MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
VulnerabilityAbout this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
Vulnerability
First: 18.05.2026 01:30
Last: 18.05.2026 01:30
Sources 1
About this happening:
A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
VulnerabilityAbout this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)
Vulnerability
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...
Windows DNS heap-based buffer overflow remote code execution flaw (CVE-2026-41096)
VulnerabilityAbout this happening: Microsoft patched **CVE-2026-41096**, a **heap-based buffer overflow** in **Windows DNS** that could let an unauthorized attacker execute code remotely on vulnerable Windows syste...
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Timeline
-
13.05.2026 16:46 2 articles · 14d ago
Microsoft unveils MDASH in limited private preview
Initial DisclosureMicrosoft unveiled MDASH, a multi-model agentic scanning harness in limited private preview that uses more than 100 specialized AI agents to discover, validate, and prove exploitable defects in complex codebases like Windows. The system had already been tested on Windows code and identified 16 vulnerabilities fixed in Patch Tuesday, including CVE-2026-33824 in ikeext.dll and CVE-2026-33827 in tcpip.sys, both of which could lead to remote code execution.
Show sources
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — thehackernews.com — 13.05.2026 16:46
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday — thehackernews.com — 13.05.2026 16:46