Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
Publish Date: 2026-05-18 04:13:09
Source Domain: securityaffairs.com
The article sheds light on a critical issue revealed by security researcher Chaotic Eclipse regarding the persistent vulnerability known as MiniPlasma in Windows operating systems. Despite a reported fix for CVE-2020-17103 back in 2020, Chaotic Eclipse has disclosed a zero-day exploit that grants attackers SYSTEM privileges on fully patched Windows 11 systems. The exploit targets the “cldflt.sys” driver via a route dubbed “HsmOsBlockPlaceholderAccess,” which remains vulnerable to the original flaw uncovered by Google Project Zero’s James Forshaw. The exploit’s proof-of-concept demonstrated reliable escalation of privilege across test environments, which raises broader doubts about the effectiveness and thoroughness of Windows patch management. The ongoing disclosures by Chaotic Eclipse have intensified the long-division debate concerning whether releasing exploit codes to expedite vendor actions is more beneficial than the traditional responsible disclosure process. The persistence of this vulnerability not only threatens the security of millions of Windows users but also brings into question the reliability of patch management over many years of software development.
Key Points:
– MiniPlasma, a zero-day exploit, demonstrates the continuation of a patched vulnerability (CVE-2020-17103) in Windows 11.
– Google Project Zero researcher James Forshaw originally reported this issue to Microsoft, which supposedly addressed it.
– This reappearance of the vulnerability raises concerns about the reliability of Microsoft’s patch management practices.
– The disclosure highlights a dilemma in cybersecurity: quick vulnerability fixing versus potential risks from exploit code availability.
– The story questions the perennial trust in patch management, underscoring the need for more thorough validation and continuous verification of software integrity.
