Bleepingcomputer
MiniPlasma Zero-Day Exploit Grants SYSTEM Access on Patched Windows Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A newly discovered Windows zero-day exploit, named MiniPlasma, allows attackers to gain SYSTEM-level privileges on fully patched Windows systems. The exploit targets the cldflt.sys Cloud Filter driver, specifically the HsmOsBlockPlaceholderAccess routine, and was initially reported by Google Project Zero in September 2020 as CVE-2020-17103. Despite being supposedly patched in December 2020, the vulnerability remains exploitable, as confirmed by multiple researchers including Chaotic Eclipse. The proof-of-concept (PoC) code was released on GitHub, demonstrating that it works on Windows 11 systems with the latest updates. Security experts have noted that the exploit requires a foothold on the system, making it a local privilege escalation (LPE) issue rather than a remote exploit. The exploit's success rate may vary due to its reliance on a race condition. Microsoft has not yet responded to inquiries regarding this re-emerging vulnerability.
Key Points: • MiniPlasma allows SYSTEM access on fully patched Windows systems via a known vulnerability. • The exploit targets the cldflt.sys driver, which was believed to be patched in 2020. • Researchers have confirmed the exploit's effectiveness on Windows 11, raising concerns about patch integrity.