{"id":248247,"date":"2026-05-18T04:22:00","date_gmt":"2026-05-18T08:22:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix\/"},"modified":"2026-05-18T07:35:11","modified_gmt":"2026-05-18T11:35:11","slug":"chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix\/","title":{"rendered":"Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix"},"content":{"rendered":"

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix<\/a><\/p>\n

https:\/\/securityaffairs.com\/192325\/hacking\/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix.html<\/a><\/p>\n

Publish Date: 2026-05-18 04:22:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ May 18, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11.<\/h2>\n

Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. <\/p>\n

The flaw affects \u201ccldflt.sys,\u201d the Windows Cloud Files Mini Filter Driver, specifically within the \u201cHsmOsBlockPlaceholderAccess\u201d routine. Google Project Zero researcher James Forshaw originally reported the vulnerability to Microsoft in September 2020.<\/p>\n

\u201cAfter re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I\u2019m not taking full credit for this, James Forshaw from google project zero found the vulnerability and reported it to Microsoft and was supposedly fixed as\u00a0CVE-2020-17103.\u201d Chaotic Eclipse wrote. <\/p>\n

\u201cHowever, a research who\u2019s a friend of mine pointed out that the routine might still have a vulnerability, which is something I considered but brushed off because I thought it was impossible for Microsoft to just not patch this or rollback the patch.\u201d<\/p>\n

Chaotic Eclipse investigated further and found that the exact same vulnerability is still present in fully patched systems running the latest May 2026 updates. The original proof-of-concept code published by Forshaw worked without modification. The researcher then weaponized it to spawn a SYSTEM shell and published it as MiniPlasma, noting that reliability may vary due to the exploit\u2019s race-condition nature, but that it worked consistently across their…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix https:\/\/securityaffairs.com\/192325\/hacking\/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix.html…<\/p>\n","protected":false},"author":1,"featured_media":248249,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-51.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-248247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248247"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248247"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248247\/revisions"}],"predecessor-version":[{"id":248250,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248247\/revisions\/248250"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248249"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}