code security Archives

Winsage

May 14, 2026

Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News

Microsoft has developed an AI security system called MDASH that has identified 16 vulnerabilities in Windows networking and authentication frameworks, with four classified as Critical, allowing for remote code execution. MDASH uses over 100 specialized AI agents to analyze code from multiple perspectives, improving the accuracy of vulnerability detection. The system has successfully detected all 21 planted vulnerabilities in a private testing environment without false positives, achieving a 96 percent recall rate against historical cases and an 88.45 percent success rate on the CyberGym benchmark. The identified vulnerabilities include issues in tcpip.sys and IKEEXT, which can be exploited remotely without needing credentials.

Winsage

April 30, 2025

Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code

Security researcher Nafiez has discovered a vulnerability in Windows LNK files that allows remote code execution without user interaction. Microsoft has chosen not to address this issue, stating it does not meet their security servicing criteria. The vulnerability exploits specific components of LNK files, enabling attackers to create malicious shortcuts that initiate silent network connections when a user accesses a folder containing them. The exploit involves manipulating the HasArguments flag, EnvironmentVariableDataBlock, and embedding UNC paths. Microsoft defends its inaction by citing the Mark of the Web (MOTW) feature as adequate protection, despite concerns from security experts about its effectiveness. Previous vulnerabilities in LNK files have been addressed by Microsoft, and the availability of proof-of-concept code raises fears of potential exploitation by malicious actors.

AppWizard

April 9, 2025

Google releases enterprise-grade Gemini tier in Android Studio

Google has introduced a new version of Gemini for Android Studio, specifically designed for businesses. This version ensures that company code is not saved by Google and is not used for AI model training. It includes IP protection against claims related to AI-generated code. The offering, available through Gemini Code Assist Standard or Enterprise subscriptions, enhances existing features with security and IP protections, including tools like build and sync error support and App Quality Insights. Google emphasizes its commitment to security with certifications such as SOC 1/2/3 and ISO/IEC 27001. Additionally, businesses benefit from IP indemnification against copyright infringement claims related to AI-generated code. The enterprise-grade version can be accessed via the Android Studio Narwhal build on the Canary release channel with an eligible Gemini Code Assist license.