A vulnerability, known as “MiniPlasma,” has been a topic of concern since its discovery in 2020, allowing potential attackers to gain system privileges. Despite claims from Microsoft regarding a fix, independent tests reveal that the exploit remains effective even on fully patched systems, raising alarms in the cybersecurity community.
Known Vulnerability
The MiniPlasma vulnerability was first identified by Google Project Zero, a team dedicated to uncovering zero-day vulnerabilities. Security expert James Forshaw designated the flaw as CVE-2020-17103. Although Microsoft announced a fix, recent reports challenge this assertion. A security researcher, known by various aliases including “Chaotic Eclipse,” asserts that the exploit is still operational. The vulnerability resides within the cloud filter driver cldflt.sys, which plays a crucial role in managing cloud files such as those stored on OneDrive. This flaw enables attackers to elevate their privileges from a standard user account, granting them comprehensive control over the affected system.
Is a Patch Coming?
Independent evaluations have confirmed the exploit’s continued functionality. Notably, the publication “BleepingComputer” reported a successful simulation of an attack on a fully patched Windows 11 Pro system, complete with security updates from May 2026. Security analyst Will Dormann has also validated the effectiveness of the exploit. However, in a newer insider version of Windows 11, the issue appeared to be resolved, hinting at a potential forthcoming patch.
Microsoft has reiterated its commitment to investigating reported security issues and emphasizes the importance of coordinated disclosure. Given the active nature of the exploit, the anticipation for an official security update is palpable. The researcher Nightmare Eclipse has previously exposed similar vulnerabilities, intensifying scrutiny on Microsoft’s security measures.
Personal Background of the Security Researcher
In various blog posts, Nightmare Eclipse has clarified that his intentions are not malicious nor financially motivated. Instead, he seeks to draw attention to perceived flaws in Microsoft’s security policies. It remains uncertain whether cybercriminals have exploited MiniPlasma since the alleged fix was implemented. Nevertheless, there is a growing hope that an upcoming patch will effectively address this longstanding security concern.
