A security researcher has launched an exploit focusing on a Home windows vulnerability disclosed in 2020, warning that it might need by no means been patched.
The flaw, tracked as CVE-2020-17103 (CVSS rating of seven.0), is described as a privilege escalation concern within the Home windows Cloud Filter driver.
Google Undertaking Zero’s researchers reported the weak spot in 2020, and Microsoft rolled out fixes for it as a part of its December 2020 Patch Tuesday updates.
Per Undertaking Zero’s report on CVE-2020-17103, the susceptible Home windows Cloud Filter driver permits registry key manipulation through an undocumented API.
An attacker may use an unauthenticated community session to create a key within the DEFAULT person hive with out entry checks, enabling privilege escalation and doubtlessly resulting in system code execution, the report reads.
Now, a cybersecurity researcher often known as Chaotic Eclipse and Nightmare Eclipse has launched MiniPlasma, an exploit that targets the security defect to spawn a System shell.
The researcher says the unique proof-of-concept (PoC) code launched by Undertaking Zero researchers works with out adjustments, noting that both the vulnerability was by no means resolved or the patches had been rolled again.
“After investigating, it seems the very same concern that was reported to Microsoft by Google Undertaking Zero is definitely nonetheless current, unpatched,” Chaotic Eclipse says.
Chaotic Eclipse just lately dropped exploits for a number of unpatched vulnerabilities in Microsoft merchandise, comparable to BlueHammer, YellowKey, and GreenPlasma, saying they’re displeased with how the tech big handles vulnerability studies.
In line with Tharros Labs senior principal vulnerability analyst Will Dormann, MiniPlasma works on Home windows 11 programs with the Might 2026 security updates put in.
“I’ll word that it doesn’t appear to work on the newest Insider Preview Canary Home windows 11,” Dormann says.
information.killnetswitch has emailed Microsoft for an announcement on the matter and can replace this text if the corporate responds.
