MiniPlasma Zero-Day: Unpatched Windows Flaw Gives Attackers SYSTEM Access

A security researcher has published another working zero-day exploit for fully patched Windows computers; the underlying flaw was first disclosed to Microsoft almost six years ago. The vulnerability, known as MiniPlasma, lets any regular user quickly escalate privileges to SYSTEM, the highest level of access on a Windows computer.
What Is MiniPlasma?
MiniPlasma resides in the Windows Cloud Filter driver (cldflt.sys) and its HsmOsBlockPlaceholderAccess routine. It was originally discovered by Google Project Zero researcher James Forshaw in September 2020, assigned CVE‑2020‑17103, and supposedly patched by Microsoft in December 2020.
Yet the researcher behind the latest disclosure, known as Chaotic Eclipse (or Nightmare Eclipse), claims the exact same issue remains exploitable. "After investigating, it turns out the exact same issue that was reported to Microsoft by Google Project Zero is actually still present, unpatched," the researcher states.
Why It’s So Dangerous
- Reliable & Deterministic: The exploit works reliably on fully patched Windows 11 systems, including those with the latest May 2026 Patch Tuesday updates.
- No User Interaction Needed: The attack can be carried out locally, transforming a low-privileged account into a fully compromised machine.
- Proven Track Record: Independent researchers, including Will Dormann of Tharros, have confirmed the exploit works on the latest public version of Windows 11. (The exploit does not work on the latest Windows 11 Insider Canary build, but that build is not available to most users.)
Chaotic Eclipse's Campaign Against Microsoft
MiniPlasma is the sixth zero-day disclosed by Chaotic Eclipse in recent weeks. Their frustration with Microsoft’s handling of bug reports appears to be the driving force. "I was told personally by them that they will ruin my life... They mopped the floor with me and pulled every childish game they could," the researcher stated. Previous disclosures include BlueHammer (patched by Microsoft as CVE‑2026‑33825), RedSun, YellowKey, GreenPlasma, and UnDefend. The researcher has now made both the source code and a compiled executable publicly available.
How to Protect Your Systems
Until Microsoft issues an official patch, there is no direct fix for MiniPlasma. However, you can reduce your risk:
✅ Restrict local user access: Limit who can log onto Windows systems interactively. The exploit requires local access to function.
✅ Apply additional security layers: Use endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation behavior.
✅ Stay alert for Microsoft updates: Watch for Microsoft’s official advisory and apply the patch as soon as it is released.
✅ Consider Insider Preview builds: According to researchers, the latest Canary builds are not vulnerable, an early preview of a future fix.
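One way to act on the first mitigation above, as an added example that is not code from the article, the researcher or Microsoft: it exports the local user-rights policy with `secedit`, lists every principal allowed to log on interactively or over Remote Desktop, and reports the state of the Cloud Filter driver for inventory. It assumes an elevated PowerShell prompt and that the driver is registered under the service name `CldFlt`.

```powershell
# Added example: audit who can obtain a local session on this host.
# Assumption: run from an elevated prompt; secedit needs administrator rights.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
if (-not (Test-Path $cfg)) { throw "secedit export failed; is the prompt elevated?" }

# Rights that let an account open a console or Remote Desktop session.
$rights = 'SeInteractiveLogonRight', 'SeRemoteInteractiveLogonRight'

function Resolve-Principal([string]$Entry) {
    # secedit writes most principals as *S-1-5-..., a few by plain name.
    $value = $Entry.Trim()
    if (-not $value.StartsWith('*S-')) { return $value }
    $sid = $value.TrimStart('*')
    try {
        $obj = New-Object System.Security.Principal.SecurityIdentifier($sid)
        return $obj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return "$sid (unresolved)"   # deleted account or unreachable domain
    }
}

$report = foreach ($line in Get-Content $cfg) {
    $name, $list = $line -split '=', 2
    if ($null -eq $list -or $rights -notcontains $name.Trim()) { continue }
    foreach ($entry in ($list -split ',')) {
        [pscustomobject]@{
            Right     = $name.Trim()
            Principal = Resolve-Principal $entry
        }
    }
}
Remove-Item $cfg -Force

$report | Sort-Object Right, Principal | Format-Table -AutoSize

# Inventory only: state of the Cloud Filter driver the article names.
Get-CimInstance Win32_SystemDriver -Filter "Name='CldFlt'" |
    Select-Object Name, State, StartMode, PathName
```

Broad groups such as `BUILTIN\Users` or `Everyone` in the output are the entries to review against who actually needs to sign in to that machine.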
How Bayon Technologies Group Can Help
At Bayon Technologies Group, we help organizations stay protected when vendors fall behind. We provide:
- Endpoint Detection & Response (EDR): Real‑time monitoring to detect and block privilege escalation attempts.
- Application Control & Least Privilege: Reducing the attack surface by limiting what standard users can execute.
- Vulnerability Management: Prioritizing and tracking zero‑day risks until official patches are available.
- Security Assessments: Identifying weaknesses in your Windows environment before attackers find them.
You cannot rely solely on waiting for Microsoft to patch the same vulnerability twice. Contact Bayon Technologies Group today to fortify your Windows endpoints.


