CVE-2020-17103, a Windows privilege escalation vulnerability previously believed to be patched, has been found to still be exploitable on fully patched Windows 11 systems, allowing attackers to gain SYSTEM privileges. The flaw, known as MiniPlasma, resides in the "cldflt.sys" driver, specifically within the "HsmOsBlockPlaceholderAccess" routine, and can be exploited using a proof-of-concept developed by security researcher Chaotic Eclipse. This discovery suggests that a security fix from 2020 may have been incomplete or improperly applied. The vulnerability affects the Windows Cloud Files Mini Filter Driver, which is responsible for managing cloud-based files. That the vulnerability remains exploitable despite supposedly being patched in 2020 raises concerns about the effectiveness of Windows security updates. This matters to security practitioners because it highlights the need for ongoing monitoring and testing of supposedly patched vulnerabilities to confirm that the fixes actually hold.
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
⚠️ Critical Alert
Why This Matters
CVE-2020-17103 is in active discussion involving Google; its exploitation status determines whether this is a patch-now item or one to monitor.
References
- SecurityAffairs. (2026, May 18). Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix. SecurityAffairs. https://securityaffairs.com/192325/hacking/chaotic-eclipse-discloses-miniplasma-zero-day-suggesting-a-missing-or-undone-2020-windows-security-fix.html