Microsoft's MDASH AI Scanning Harness Uncovers 16 Windows CVEs, Including Four Critical RCE Flaws in TCP/IP, IKEv2, Netlogon, and DNS — Threadlinqs Intelligence
Threat ID: TL-2026-1184 · Severity: CRITICAL · CVSS: 9.8 · Status: PATCHED · Category: VULNERABILITY
Microsoft's Multi-Model Agentic Scanning Harness (MDASH), a 100+ agent AI pipeline that discovers, debates, and proves Windows kernel/service vulnerabilities, surfaced 16 previously unknown CVEs
Microsoft's Security Response Center (MSRC) and Microsoft Research disclosed MDASH (Multi-Model Agentic Scanning Harness), an AI-driven vulnerability-discovery pipeline that orchestrates more than 100 specialized agents across an ensemble of frontier and distilled language models. MDASH runs a five-stage workflow: Prepare (builds language-aware code indices and threat models via commit analysis), Scan (auditor agents flag candidate vulnerabilities with supporting evidence), Validate (debater agents argue for and against exploitability and reachability), Dedupe (collapses semantically equivalent findings), and Prove (constructs and executes triggering inputs to confirm exploitability with a working proof-of-concept). The system uses a configurable model panel — a state-of-the-art model as the heavy reasoner, distilled models as cost-effective high-volume debaters, and a second independent SOTA model as a counterpoint — explicitly to avoid the blind spots of any single-model approach. Domain-specific plugins inject expertise the base models otherwise lack, such as Windows kernel calling conventions, lock invariants, and IPC trust boundaries.
Microsoft reported MDASH scored 88.45% on the CyberGym benchmark of 1,507 real-world vulnerabilities (the top score on the public leaderboard, ahead of Anthropic's Mythos Preview at 83.1% and OpenAI's GPT-5.5 at 81.8%), detected 21 of 21 planted vulnerabilities in an internal StorageDrive test with zero false positives, and demonstrated 96% historical recall against MSRC's known clfs.sys corpus (28 cases) and 100% recall against tcpip.sys (7 cases).
Applied against live Windows source, MDASH surfaced 16 previously unknown CVEs spanning the Windows networking and authentication stack — 10 kernel-mode and 6 user-mode vulnerabilities — the majority reachable from an unauthenticated network position. Four are rated CRITICAL remote code execution:
1. **CVE-2026-33827** (tcpip.sys, CVSS 3.1 8.1, CWE-362 Race Condition): an unsynchronized reference-count decrement in the Windows TCP/IP stack's handling of IPv4 packets carrying the Strict Source and Record Route (SSRR) option leads to a use-after-free. MDASH's own writeup notes the bug spans non-trivial control flow where 'the reference count might reach zero at the earlier release point,' a pattern difficult for single-model auditors lacking cross-file comparison. Published April 14, 2026.
2. **CVE-2026-33824** (ikeext.dll, CVSS 3.1 9.8, CWE-415 Double Free): an unauthenticated attacker who sends a crafted IKEv2 SA_INIT exchange with malformed fragmentation to a host with the IKE Extension service enabled (affecting RRAS VPN, DirectAccess, and Always-On VPN deployments) triggers a double-free spanning six source files; MDASH identified the flaw by contrasting the vulnerable path against a correctly implemented shallow-copy pattern elsewhere in the codebase. Published April 14, 2026.
3. **CVE-2026-41089** (netlogon.dll, CVSS 3.1 9.8, CWE-121 Stack-based Buffer Overflow): an unauthenticated CLDAP request with a crafted User= filter overflows a stack buffer in Netlogon, allowing remote code execution on a domain controller with no user interaction — assessed by researchers as wormable and the highest-urgency bug in the batch given that 'a compromised domain controller is a compromised domain.' Published May 12, 2026.
4. **CVE-2026-41096** (dnsapi.dll / Windows DNS Client, CVSS 3.1 9.8, CWE-122 Heap-based Buffer Overflow): a heap overflow triggered by a crafted UDP DNS response allows an attacker positioned to respond to DNS queries (rogue server or on-path/MitM) to achieve remote code execution on essentially any Windows host, since the DNS Client component runs on virtually every Windows machine. Published May 12, 2026.
The remaining 12 MDASH-discovered flaws are rated Important and span tcpip.sys, http.sys, ikeext.dll, and telnet.exe, covering denial-of-service, privilege-escalation, information-disclosure, and security-feature-bypass classes. A
Weaknesses (CWE)
CWE-362, CWE-415, CWE-121, CWE-122
Target sectors: government administration, finance, health, technology, education, manufacturing, retail, energy, telecoms
Target regions: Global
Detections & IOCs
This threat has 9 detection rule(s) across Splunk SPL, Microsoft KQL and Sigma, and 19 indicator(s) of compromise. Detection query text and full IOC values are available to authenticated users and programmatically via the Threadlinqs MCP server (Purple tier). View plans.
VULNERABILITY, CRITICAL, threat intelligence, cybersecurity, CVE-2026-33827, CVE-2026-33824, CVE-2026-41089, CVE-2026-41096, T1595, T1592, T1588, T1587, T1190, T1210, T1203, T1068, T1078, T1211