New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

Why This Matters

The public release of the MiniPlasma zero-day exploit shows that Windows systems can remain open to privilege escalation even when they are fully patched. It is a reminder for consumers and the industry alike to stay vigilant and to monitor for emerging threats that bypass existing safeguards.

Key Takeaways

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems.

The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after claiming that Microsoft failed to properly patch a previously reported 2020 vulnerability.

According to the researcher, the flaw impacts the 'cldflt.sys' Cloud Filter driver and its 'HsmOsBlockPlaceholderAccess' routine, which was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.

At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020.

"After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched," explains Chaotic Eclipse.

"I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes."

BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates.

In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image below.

MiniPlasma exploit successfully gave Windows SYSTEM privileges

Source: BleepingComputer