Ethical Hacking News
A newly disclosed zero-day vulnerability known as MiniPlasma has been found to grant SYSTEM privileges on fully patched Windows systems, raising significant concerns over system security and highlighting the ongoing battle against unpatched vulnerabilities.
A new zero-day vulnerability, MiniPlasma, has been discovered affecting Windows systems, specifically the "cldflt.sys" driver. The vulnerability is similar to a previously patched issue (CVE-2020-17103) but was initially assumed to be fixed by Microsoft. Further investigation revealed that the exact same issue remains unpatched and affects all Windows versions. A proof-of-concept demonstrated the vulnerability's reliability on fully patched systems, but it doesn't work as expected on the latest Insider Preview Canary Windows 11. The discovery highlights the persistent presence of unpatched vulnerabilities in widely used operating systems like Windows.
A recent discovery by Chaotic Eclipse, a security researcher, has shed light on a previously unknown zero-day vulnerability affecting Windows systems. The vulnerability, codenamed MiniPlasma, impacts the "cldflt.sys" driver, which is responsible for managing cloud files in Windows. This finding comes at an intriguing time as Microsoft had previously reported and patched a similar issue in December 2020, as part of CVE-2020-17103.
According to Chaotic Eclipse, despite initial assumptions that the vulnerability was fixed by Microsoft, further investigation revealed that the "exact same issue" is still present, unpatched. The researcher expressed uncertainty over whether Microsoft simply never patched the issue or if the patch was silently rolled back for unknown reasons. A proof-of-concept (PoC) developed by Google Project Zero researcher James Forshaw in September 2020 initially demonstrated the vulnerability without any modifications.
Chaotic Eclipse further pointed out that all Windows versions are likely affected by this vulnerability, making it a significant threat to system security. The researcher confirmed that the MiniPlasma vulnerability works reliably to open a SYSTEM shell prompt on fully patched Windows systems. However, it seems that the vulnerability does not work as expected on the latest Insider Preview Canary Windows 11.
It is essential to note that Microsoft had addressed another related privilege escalation flaw in December 2025, which was identified by unknown threat actors and has a CVSS score of 7.8. This new vulnerability demonstrates the persistent presence of unpatched vulnerabilities in widely used operating systems like Windows, leaving them susceptible to exploitation.
The discovery of MiniPlasma serves as a stark reminder of the ongoing cat-and-mouse game between security researchers and attackers. As new vulnerabilities are discovered, it is crucial for organizations and individuals to stay vigilant and apply updates promptly to protect their systems from potential threats. This finding underscores the importance of continuous vigilance and proactive defense strategies in the ever-evolving landscape of cybersecurity threats.
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Zero-Day-Vulnerability-Exposes-Windows-Systems-to-SYSTEM-Privilege-Escalation-ehn.shtml
https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
Published: Mon May 18 04:34:58 2026 by llama3.2 3B Q4_K_M
