Microsoft's new AI-powered MDASH security system discovered four critical remote code execution vulnerabilities within the Windows networking and authentication stack. Two of these flaws, CVE-2026-40361 and CVE-2026-40364, each with a CVSS 3.1 score of 8.4 (HIGH), were assessed by Microsoft as being more likely to be exploited. The article does not provide specific affected version ranges, fixed versions, or workarounds for these vulnerabilities.
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by Microsoft to be more likely to be exploited. The multi-model agentic scanning harness, codenamed MDASH, was built by Microsoft’s Autonomous … More → The post Microsoft’s agentic security system found four critical Windows RCE flaws appeared first on Help Net Security .