Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
Publish Date: 2026-05-18 04:22:00
Source Domain: securityaffairs.com
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
Pierluigi Paganini
May 18, 2026
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11.
Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems.
The flaw affects “cldflt.sys,” the Windows Cloud Files Mini Filter Driver, specifically within the “HsmOsBlockPlaceholderAccess” routine. Google Project Zero researcher James Forshaw originally reported the vulnerability to Microsoft in September 2020.
“After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I’m not taking full credit for this, James Forshaw from google project zero found the vulnerability and reported it to Microsoft and was supposedly fixed as CVE-2020-17103.” Chaotic Eclipse wrote.
“However, a research who’s a friend of mine pointed out that the routine might still have a vulnerability, which is something I considered but brushed off because I thought it was impossible for Microsoft to just not patch this or rollback the patch.”
Chaotic Eclipse investigated further and found that the exact same vulnerability is still present in fully patched systems running the latest May 2026 updates. The original proof-of-concept code published by Forshaw worked without modification. The researcher then weaponized it to spawn a SYSTEM shell and published it as MiniPlasma, noting that reliability may vary due to the exploit’s race-condition nature, but that it worked consistently across their…
