Chaotic Eclipse, the security researcher behind the not too long ago disclosed Home windows flaws, YellowKey and GreenPlasma, has launched a proof-of-concept (PoC) for a Home windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on totally patched Home windows programs.
Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers back to the Home windows Cloud Recordsdata Mini Filter Driver, and resides in a routine named “HsmOsBlockPlaceholderAccess,” including it was initially reported to Microsoft by Google Mission Zero researcher James Forshaw in September 2020.
Though it was assumed that the shortcoming was fastened by Microsoft in December 2020 as a part of CVE-2020-17103, Chaotic Eclipse stated additional investigation has uncovered that the “very same situation […] is definitely nonetheless current, unpatched.”
“I am not sure if Microsoft simply by no means patched the difficulty or the patch was silently rolled again in some unspecified time in the future for unknown causes. The unique PoC by Google labored with none modifications,” the researcher added. “To spotlight this situation, I weaponized the unique PoC to spawn a SYSTEM shell. It appears to work reliably in my machines butsuccess fee might fluctuate since it is a race situation.”
The researcher additional identified that each one Home windows variations are possible affected by this vulnerability.
In a publish shared on Mastodon, security researcher Will Dormann stated MiniPlasma works “reliably” to open a “cmd.exe” immediate with SYSTEM privileges on Home windows 11 programs working the most recent Might 2026 updates. “I will notice that it doesn’t appear to work on the most recent Insider Preview Canary Home windows 11,” Dormann identified.
In December 2025, Microsoft additionally addressed one other privilege escalation flaw in the identical element (CVE-2025-62221, CVSS rating: 7.8), which it recognized as exploited by unknown menace actors.
