{"id":251717,"date":"2026-05-18T06:38:00","date_gmt":"2026-05-18T10:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/"},"modified":"2026-05-21T15:20:25","modified_gmt":"2026-05-21T19:20:25","slug":"researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/18\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/","title":{"rendered":"Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/\">Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/\">https:\/\/www.securityweek.com\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 06:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>A security researcher has released an exploit targeting a Windows vulnerability disclosed in 2020, warning that it might have never been patched.\u00a0<\/strong><\/p>\n<p class=\"wp-block-paragraph\">The flaw, tracked as CVE-2020-17103 (CVSS score of 7.0), is described as a privilege escalation issue in the Windows Cloud Filter driver.<\/p>\n<p class=\"wp-block-paragraph\">Google Project Zero\u2019s researchers reported the weakness in 2020, and Microsoft rolled out fixes for it as part of its December 2020 Patch Tuesday updates.<\/p>\n<p class=\"wp-block-paragraph\">Per Project Zero\u2019s report on CVE-2020-17103, the vulnerable Windows Cloud Filter driver allows registry key manipulation via an undocumented API.<\/p>\n<p 
class=\"wp-block-paragraph\">An attacker could use an unauthenticated network session to create a key in the DEFAULT user hive without access checks, enabling privilege escalation and potentially leading to system code execution, the report reads.<\/p>\n<p class=\"wp-block-paragraph\">Now, a cybersecurity researcher known as Chaotic Eclipse and Nightmare Eclipse has released MiniPlasma, an exploit that targets the security defect to spawn a System shell.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The researcher says the original proof-of-concept (PoC) code released by Project Zero researchers works without changes, noting that either the vulnerability was never resolved or the patches were rolled back.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cAfter investigating, it turns out the exact same issue that was reported to Microsoft by Google Project Zero is actually still present, unpatched,\u201d Chaotic Eclipse says.<\/p>\n<p class=\"wp-block-paragraph\">Chaotic Eclipse recently dropped exploits for several unpatched vulnerabilities in Microsoft products, such as BlueHammer, YellowKey, and GreenPlasma, saying they are displeased with how the tech giant handles vulnerability reports.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Tharros Labs senior principal vulnerability analyst Will Dormann, MiniPlasma works on Windows 11 systems with the May 2026 security updates installed.<\/p>\n<p class=\"wp-block-paragraph\">\u201cI\u2019ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,\u201d Dormann says.<\/p>\n<p class=\"wp-block-paragraph\">\u201cMicrosoft is investigating&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE 
https:\/\/www.securityweek.com\/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve\/ Publish Date: 2026-05-18 06:38:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":251718,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2024\/10\/Windows-Kernel-BSOD.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-251717","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251717"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=251717"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251717\/revisions"}],"predecessor-version":[{"id":251719,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/251717\/revisions\/251719"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/251718"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=251717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=251717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=251717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}",
"templated":true}]}}