MiniPlasma Zero-Day Exploit Grants SYSTEM Access on Patched Windows Systems

MiniPlasma Zero-Day Exploit Grants SYSTEM Access on Patched Windows Systems

First seen 18 May 2026, 06:17 UTC BleepingcomputerCybersecuritynewsNeowinPcquestSecurityaffairs.Co+21 90% similarity 69.8

Article Content

Browse articles
ThreatCluster

A newly discovered Windows zero-day exploit, named MiniPlasma, allows attackers to gain SYSTEM-level privileges on fully patched Windows systems. The exploit targets the cldflt.sys Cloud Filter driver, specifically the HsmOsBlockPlaceholderAccess routine, and was initially reported by Google Project Zero in September 2020 as CVE-2020-17103. Despite being supposedly patched in December 2020, the vulnerability remains exploitable, as confirmed by multiple researchers including Chaotic Eclipse. The proof-of-concept (PoC) code was released on GitHub, demonstrating that it works on Windows 11 systems with the latest updates. Security experts have noted that the exploit requires a foothold on the system, making it a local privilege escalation (LPE) issue rather than a remote exploit. The exploit's success rate may vary due to its reliance on a race condition. Microsoft has not yet responded to inquiries regarding this re-emerging vulnerability.

Key Points: • MiniPlasma allows SYSTEM access on fully patched Windows systems via a known vulnerability. • The exploit targets the cldflt.sys driver, which was believed to be patched in 2020. • Researchers have confirmed the exploit's effectiveness on Windows 11, raising concerns about patch integrity.

ThreatCluster AI

Timeline

2020-09-01
CVE-2020-17103 reported
Google Project Zero researcher James Forshaw reported a privilege escalation vulnerability in Windows.
Csoonline
2020-12-09
CVE-2020-17103 published
Microsoft published the vulnerability, claiming it was patched as part of December updates.
Csoonline
2026-04-14
CVE-2026-33825 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-15
MiniPlasma PoC released
Chaotic Eclipse released a proof-of-concept exploit for the MiniPlasma vulnerability on GitHub.
Bleepingcomputer
2026-05-18
MiniPlasma confirmed working on Windows 11
Multiple security researchers confirmed the exploit works on fully patched Windows 11 systems.
Notebookcheck

Community

Browse all →