Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group. The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system. The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release. “Cyber defenders are facing an increasingly asymmetric battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.” Critical Windows components affected The four critical vulnerabilities affected core Windows components broadly deployed across enterprise environme