New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
Publish Date: 2026-05-17 18:30:00
Source Domain: www.bleepingcomputer.com
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems.
The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after claiming that Microsoft failed to properly patch a previously reported 2020 vulnerability.
According to the researcher, the flaw impacts the ‘cldflt.sys’ Cloud Filter driver and its ‘HsmOsBlockPlaceholderAccess’ routine, which was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.
At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020.
“After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched,” explains Chaotic Eclipse.
“I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.”
BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates.
In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image below.
[Image: MiniPlasma exploit successfully gave Windows SYSTEM privileges. Source: BleepingComputer]
Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the exploit does not work in the latest Windows 11 Insider Preview Canary build.
The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw’s original report said that the…