A previously patched elevation-of-privilege vulnerability in the Windows Cloud Filter driver "cldflt.sys" has resurfaced, allowing attackers to gain SYSTEM-level privileges. The flaw, initially reported by Google Project Zero researcher James Forshaw in 2020, was recently re-exploited by researcher Nightmare Eclipse, raising questions about the effectiveness of Microsoft's original patch. The vulnerability's resurgence has significant implications for Windows security, as it potentially enables malicious actors to escalate privileges and gain unrestricted access to system resources. The fact that this flaw remains exploitable six years after its initial disclosure suggests that Microsoft's patch may have been incomplete or inadequate [1]. This matters to security practitioners because it highlights the importance of thorough vulnerability remediation and the need for continuous monitoring of supposedly patched flaws to prevent their reemergence as zero-day exploits.
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
⚡ High Priority
Why This Matters
An old elevation-of-privilege (EoP) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still.
References
- CSO Online. (2026, May 18). ‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit. *CSO Online*. https://www.csoonline.com/article/4172320/patched-windows-bug-resurfaces-6-years-later-as-working-system-level-exploit.html