A previously unknown Windows privilege escalation flaw, codenamed MiniPlasma, has been disclosed, allowing attackers to gain SYSTEM privileges on fully patched Windows systems by exploiting a vulnerability in the "cldflt.sys" driver, which is part of the Windows Cloud Files Mini Filter Driver. This zero-day vulnerability enables attackers to escalate privileges without requiring any user interaction, making it a significant threat to system security. The flaw was discovered by Chaotic Eclipse, a security researcher who has previously identified other Windows vulnerabilities, including YellowKey and GreenPlasma. As a zero-day exploit, MiniPlasma is being used before a patch is available, putting defenders at a disadvantage [1]. The fact that this vulnerability can be exploited on fully patched systems makes it particularly concerning, as it highlights the limitations of traditional patch management strategies. This vulnerability matters to security practitioners because it underscores the need for proactive defense measures to mitigate zero-day threats.
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
⚡ High Priority
Why This Matters
Zero-day exploitation means the vulnerability is being used before patches exist — defenders are already behind.
References
- The Hacker News. (2026, May 18). MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems. *The Hacker News*. https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
Original Source
The Hacker News