{"id":248038,"date":"2026-05-18T00:59:00","date_gmt":"2026-05-18T04:59:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems\/"},"modified":"2026-05-18T03:45:08","modified_gmt":"2026-05-18T07:45:08","slug":"miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems\/","title":{"rendered":"MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html\">MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html\">https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 00:59:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 18, 2026<\/span><\/span><span class=\"p-tags\">Zero Day \/ Vulnerability<\/span><\/p>\n<p>Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.<\/p>\n<p>Codenamed <strong>MiniPlasma<\/strong>, the vulnerability impacts &#8220;cldflt.sys,&#8221; which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named &#8220;HsmOsBlockPlaceholderAccess.&#8221; It was originally 
reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.<\/p>\n<p>Although it was assumed that the shortcoming was fixed by Microsoft in December 2020 as part of CVE-2020-17103, Chaotic Eclipse said further investigation has uncovered that the &#8220;exact same issue [&#8230;] is actually still present, unpatched.&#8221;<\/p>\n<p>&#8220;I&#8217;m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,&#8221; the researcher added. &#8220;To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines but success rate may vary since it&#8217;s a race condition.&#8221;<\/p>\n<p>The researcher further pointed out that all Windows versions are likely affected by this vulnerability.<\/p>\n<p>In a post shared on Mastodon, security researcher Will Dormann said MiniPlasma works &#8220;reliably&#8221; to open a &#8220;cmd.exe&#8221; prompt with SYSTEM privileges on Windows 11 systems running the latest May 2026 updates. 
&#8220;I&#8217;ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,&#8221; Dormann pointed out.<\/p>\n<p>In December 2025, Microsoft also addressed another privilege escalation flaw in the same component (CVE-2025-62221, CVSS score: 7.8), which it identified as exploited by unknown threat actors.<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html Publish Date: 2026-05-18&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248041,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvmx8dRRiQKx4cT0aT1-zTuzdjfThwxmlbzb2ikeeqIXUXGdcJhRrq4BykcdBB572URpoAHQhSTSyahR3M7TyvOsLSCekQGCUFM8sTcdsxkrpRFrT41wF8EqKA5LjzYHpzUtro2136Iy55cKQ_wixFUSsFDnilkUNCvrDvJbHBKK3k_IelHt9lOmbW01_u\/s1600\/windows-exploits.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-248038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248038"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248038"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\
/248038\/revisions"}],"predecessor-version":[{"id":248044,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248038\/revisions\/248044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248041"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}