A public exploit called MiniPlasma demonstrates that CVE-2020-17103 — a Windows Cloud Filter driver privilege escalation vulnerability Microsoft claimed to have fixed in December 2020 — remains fully exploitable on Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025 running the latest May 2026 security updates. A working proof-of-concept is publicly available on GitHub, and Microsoft has not issued a patch or emergency advisory.
// 01 MiniPlasma: Technical Details
CVE-2020-17103 is a local privilege escalation (LPE — an attack where a low-privileged user on a machine gains elevated permissions, in this case SYSTEM-level control) flaw inside cldflt.sys, the Windows Cloud Files Mini Filter Driver. This driver handles cloud-backed file storage for services such as OneDrive and Windows cloud sync. Its HsmOsBlockPlaceholderAccess routine contains a race condition — a timing flaw where two code paths execute simultaneously and interact with shared resources in an unsafe order — that allows an attacker to create arbitrary registry keys in the .DEFAULT user hive without any access controls being enforced.
The bug was first discovered by James Forshaw, a researcher at Google Project Zero, who reported it to Microsoft in September 2020. Microsoft assigned CVE-2020-17103 and shipped what was described as a fix in the December 2020 Patch Tuesday cycle. Researcher Chaotic Eclipse — publishing under the handle Nightmare-Eclipse — found in May 2026 that the fix is either incomplete or was silently reverted in a subsequent update. The original proof-of-concept code from 2020 executes without modification on systems updated through May 2026 Patch Tuesday.
The exploit abuses an undocumented Windows API call, CfAbortHydration, exposed by the cloud filter driver. By triggering the race condition through this API, an attacker with a standard (non-administrative) Windows account can force the creation of registry keys under HKEY_USERS\.DEFAULT — a location normally inaccessible to unprivileged code. The crafted registry writes then allow the attacker to escalate their session to NT AUTHORITY\SYSTEM, the highest privilege level on a Windows system, and spawn an interactive command shell with full control of the machine.
Chaotic Eclipse published full source code and a compiled binary on GitHub. The exploit "works reliably" on Windows 11 in testing, though because it exploits a race condition — meaning the vulnerability depends on two code paths reaching a critical point simultaneously — success rate may vary slightly depending on system load and CPU timing.
// 02 Exploitation Status and Threat Landscape
The MiniPlasma PoC (Proof-of-Concept — working exploit code published publicly, allowing anyone to test or weaponize it) was released on May 13, 2026, shortly after the May 2026 Patch Tuesday cycle. Microsoft has not assigned a new CVE identifier to the reappeared vulnerability and has not issued an emergency out-of-band patch. A Microsoft spokesperson told SecurityWeek that the company "is investigating this report and will take appropriate action to protect customers as soon as possible." The next scheduled Patch Tuesday is June 10, 2026.
No threat actor group has been publicly attributed to active in-the-wild exploitation of MiniPlasma as of publication. However, the public availability of a working, reliable exploit binary lowers the barrier to attack significantly. LPE vulnerabilities are a standard second stage in cyberattack chains: once an attacker obtains any foothold on a Windows machine — through phishing, a vulnerable application, or lateral movement — an LPE exploit elevates that access to SYSTEM, allowing the attacker to disable defenses, dump credentials, install persistent backdoors, or pivot to adjacent systems. The previous related vulnerability in the same driver component, CVE-2025-62221 (rated CVSS 7.8 — High severity), was reported as actively exploited in December 2025, demonstrating that threat actors do target cldflt.sys flaws in practice.
One important caveat: independent testing confirms MiniPlasma does not function on Windows 11 Insider Preview Canary builds, suggesting Microsoft has made changes to the relevant code path that have not yet reached the stable release channel.
// 03 Who Is Affected
MiniPlasma affects the following fully patched configurations:
- Windows 10 — all supported versions with May 2026 cumulative updates applied
- Windows 11 — all supported versions (21H2 through 24H2) with May 2026 cumulative updates applied
- Windows Server 2022 — with current updates applied
- Windows Server 2025 — with current updates applied
The vulnerability requires local access to the target machine: an attacker must already be logged in as a standard (non-administrator) user, or have achieved code execution at low privilege through another vulnerability or mechanism. It does not enable remote, unauthenticated exploitation on its own. Environments where attackers commonly reach this stage include enterprise workstations compromised through phishing, RDP-exposed servers, and multi-tenant systems where users share hardware.
Given that Windows 11 had over 400 million active devices as of 2025, the potential attack surface is enormous. Any Windows environment where users run without administrator rights — which is considered security best practice — is a candidate target if an attacker achieves initial access.
// 04 What You Should Do Right Now
No vendor patch is available. The following steps reduce risk until Microsoft releases a fix:
- Enable registry key monitoring on all Windows endpoints. Configure your EDR (Endpoint Detection and Response — security software that monitors endpoint activity for malicious behavior) or SIEM (Security Information and Event Management — a platform that aggregates and correlates security alerts) to alert on writes to these specific registry paths: \Registry\User\Software\Policies\Microsoft\CloudFiles\BlockedApps and \Registry\User\.DEFAULT\Volatile Environment. These are the keys MiniPlasma creates to achieve privilege escalation.
- Deploy Windows Defender Application Control (WDAC) or AppLocker policies to restrict execution of unsigned binaries and untrusted executables. MiniPlasma requires running a compiled binary on the target system, and application allowlisting significantly raises the cost of using it.
- Audit all accounts with local logon rights on sensitive servers. Reduce the number of standard-user accounts with interactive access to high-value systems such as domain controllers, file servers, and backup infrastructure.
- Prioritize applying the June 10, 2026 Patch Tuesday update as soon as it is available. Track Microsoft's Security Update Guide for an update addressing CVE-2020-17103 or the underlying cldflt.sys regression.
- Confirm EDR coverage on all Windows endpoints. Systems without EDR telemetry cannot alert on the registry key writes that indicate MiniPlasma activity. Inventory gaps now.
- Watch for threat actor toolkits incorporating MiniPlasma. Given the public PoC, expect the exploit to appear in post-exploitation frameworks. IOC sharing from partners such as CISA should be monitored; if CISA adds this to the Known Exploited Vulnerabilities catalog, federal agencies will have a mandatory patching deadline.
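The registry-monitoring step above is easy to get wrong in practice because different sensors log the same key in different notations: Sysmon registry events (Event ID 12 for key create/delete, 13 for value set) write paths as HKU\..., while kernel-side auditing uses the \Registry\User\... object-manager form the article quotes. The script below is an added example, not code from the article or from the exploit author: it canonicalizes both notations, matches them against the two watch paths named above, and shows why matching only the .DEFAULT hive matters (Volatile Environment under a real user SID is written at every logon and would otherwise flood the queue). The events, SIDs, process names and the rule name are constructed placeholders.

```python
r"""Registry-write detector for the two watch paths named in the article.

Added example, not the article's or the exploit author's code. It canonicalizes
registry paths as different sensors log them (Sysmon-style HKU\..., kernel
object-manager style \Registry\User\...) and matches them against the watch
paths. The events below are constructed for illustration; the field names
mirror Sysmon Event ID 12/13 (RegistryEvent) fields but are not real telemetry.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hive aliases used by different telemetry sources, mapped onto the kernel
# object-manager form that the article quotes (\Registry\User...).
_HIVE_ALIASES = {
    "HKEY_USERS": r"\REGISTRY\USER",
    "HKU": r"\REGISTRY\USER",
    "HKEY_LOCAL_MACHINE": r"\REGISTRY\MACHINE",
    "HKLM": r"\REGISTRY\MACHINE",
}

# Watch paths from the article, canonical and uppercased for comparison.
WATCH_PREFIXES = (
    r"\REGISTRY\USER\SOFTWARE\POLICIES\MICROSOFT\CLOUDFILES\BLOCKEDAPPS",
    r"\REGISTRY\USER\.DEFAULT\VOLATILE ENVIRONMENT",
)


def canonicalize(path: str) -> str:
    r"""Map HKU\..., HKEY_USERS\... and \Registry\User\... onto one form."""
    parts = [s for s in path.strip().replace("/", "\\").split("\\") if s]
    if not parts:
        return ""
    root = parts[0].upper()
    if root in _HIVE_ALIASES:
        prefix, rest = _HIVE_ALIASES[root], parts[1:]
    elif root == "REGISTRY":
        prefix, rest = r"\REGISTRY", parts[1:]
    else:  # unknown root: keep it, just normalize separators and case
        prefix, rest = "", parts
    return (prefix + "".join("\\" + s for s in rest)).upper()


def matches_watchlist(path: str) -> Optional[str]:
    """Return the watch prefix that covers this path, or None.

    The separator check stops 'Volatile EnvironmentX' from matching
    'Volatile Environment' as a false prefix hit.
    """
    canon = canonicalize(path)
    for prefix in WATCH_PREFIXES:
        if canon == prefix or canon.startswith(prefix + "\\"):
            return prefix
    return None


@dataclass(frozen=True)
class RegistryEvent:
    """Minimal registry-write record (field names follow Sysmon EID 12/13)."""
    event_id: int        # 12 = key created/deleted, 13 = value set
    event_type: str      # e.g. "CreateKey", "SetValue"
    image: str           # process that performed the write
    user: str            # account the process ran as
    target_object: str   # registry path exactly as the sensor logged it


def detect(events: Iterable[RegistryEvent]) -> List[dict]:
    """One alert per event whose target falls under a watch path."""
    alerts = []
    for ev in events:
        hit = matches_watchlist(ev.target_object)
        if hit is None:
            continue
        alerts.append({
            "rule": "cldflt-watch-path-registry-write",  # placeholder rule name
            "watch_path": hit,
            "event_id": ev.event_id,
            "event_type": ev.event_type,
            "image": ev.image,
            "user": ev.user,
            "target": canonicalize(ev.target_object),
        })
    return alerts


# Constructed sample telemetry (not real events). The user SID, process names
# and paths are placeholders.
SAMPLE_EVENTS = [
    # Normal logon activity: Volatile Environment under a real user SID is
    # written at every logon and must NOT alert.
    RegistryEvent(13, "SetValue", r"C:\Windows\System32\winlogon.exe", "CORP\\alice",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Volatile Environment\USERNAME"),
    # Same key name under .DEFAULT, logged in kernel object-manager form.
    RegistryEvent(12, "CreateKey", r"C:\Users\alice\Downloads\unknown.exe", "CORP\\alice",
                  r"\Registry\User\.DEFAULT\Volatile Environment\placeholder"),
    # Same key, logged in Sysmon's HKU form: must canonicalize to the same hit.
    RegistryEvent(13, "SetValue", r"C:\Users\alice\Downloads\unknown.exe", "CORP\\alice",
                  r"HKU\.DEFAULT\Volatile Environment\placeholder\value"),
    # The other watch path from the article.
    RegistryEvent(12, "CreateKey", r"C:\Users\alice\Downloads\unknown.exe", "CORP\\alice",
                  r"HKEY_USERS\Software\Policies\Microsoft\CloudFiles\BlockedApps\1"),
    # Unrelated write: must not alert.
    RegistryEvent(13, "SetValue", r"C:\Windows\explorer.exe", "CORP\\alice",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] EID {alert['event_id']} {alert['event_type']} "
              f"by {alert['user']} via {alert['image']} -> {alert['target']}")
```

Run against the constructed events, the detector raises three alerts (two for the .DEFAULT Volatile Environment key in its two notations, one for the BlockedApps key) and stays silent on the per-user Volatile Environment write and the unrelated Explorer setting. Feeding it real Sysmon or Security-log events means mapping the sensor's TargetObject field onto target_object; the canonicalization is what lets one rule serve both sources.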
// 05 Background: Understanding the Risk
Silent regressions — where a security fix shipped in one update is undone by a subsequent change — are among the most dangerous vulnerability classes because defenders assume the original CVE is resolved and stop monitoring for it. Google Project Zero has documented multiple examples of this pattern across Windows, Linux, and macOS over the years. The CVE-2020-17103 case is a textbook example: the vulnerability existed, was reported, was apparently patched, and five years later a researcher found it behaving identically to its pre-patch state.
The Cloud Filter driver (cldflt.sys) has become an increasingly attractive attack target as Microsoft has expanded OneDrive cloud sync integration across Windows. The driver runs in kernel mode — the most privileged ring of the operating system, where code has unrestricted access to hardware and system state — making any exploitable bug in it a direct path to SYSTEM. The related CVE-2025-62221, reported exploited in December 2025, confirms that adversaries actively probe this attack surface.
Local privilege escalation vulnerabilities have been central to some of the most damaging enterprise attacks on record. In ransomware operations, attackers typically rely on LPE to elevate beyond the initial user context and disable antivirus, shadow copy backups, and EDR tools before deploying the encryption payload. In espionage campaigns, LPE enables the attacker to dump the LSASS process (Local Security Authority Subsystem Service — the Windows process that stores hashed credentials) and harvest credentials for lateral movement. An unpatched, reliable LPE with public PoC code shortens the window between initial access and full domain compromise.
// 06 Conclusion
MiniPlasma reveals that CVE-2020-17103 — a Windows Cloud Filter driver race condition — was never fully remediated and grants SYSTEM privileges on fully patched Windows 10, 11, and Server 2022/2025 today. With a working public PoC and no patch until at least June 10, defenders should activate registry key monitoring, enforce application control policies, and audit local logon access on sensitive systems now.
For any query contact us at contact@cipherssecurity.com
