{“lastseen”:”2026-05-18T04:59:30″,”description”:”\\n\\nChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.\\n\\nCodenamed **MiniPlasma** , the vulnerability impacts \\”cldflt.sys,\\” which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named \\”HsmOsBlockPlaceholderAccess,\\” adding it was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.\\n\\nAlthough it was assumed that the shortcoming was fixed by Microsoft in December 2020 as part of CVE-2020-17103, Chaotic Eclipse said further investigation has uncovered that the \\”exact same issue […] is actually still present, unpatched.\\”\\n\\n\\”I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,\\” the researcher added. \\”To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines butsuccess rate may vary since it’s a race condition.\\”\\n\\nThe researcher further pointed out that all Windows versions are likely affected by this vulnerability.\\n\\nIn a post shared on Mastodon, security researcher Will Dormann said MiniPlasma works \\”reliably\\” to open a \\”cmd.exe\\” prompt with SYSTEM privileges on Windows 11 systems running the latest May 2026 updates. \\”I’ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,\\” Dormann pointed out.\\n\\nIn December 2025, Microsoft also addressed another privilege escalation flaw in the same component (CVE-2025-62221, CVSS score: 7.8), which it identified as exploited by unknown threat actors.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-05-18T04:59:00″,”modified”:”2026-05-18T04:59:21″,”type”:”thn”,”title”:”MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems”,”source”:””,”references”:””,”id”:”THN:523BBE15F0918BBFD899655384B7F663″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-18T04:59:30″,”description”:”\\n\\nChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-55220","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n