{"id":215262,"date":"2026-05-18T00:59:00","date_gmt":"2026-05-18T04:59:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems\/"},"modified":"2026-05-18T04:20:25","modified_gmt":"2026-05-18T08:20:25","slug":"miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/18\/miniplasma-windows-0-day-enables-system-privilege-escalation-on-fully-patched-systems\/","title":{"rendered":"MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html\">MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html\">https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-18 00:59:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\ue804Ravie Lakshmanan\ue802May 18, 2026Zero Day \/ Vulnerability<br \/>\nChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.<br \/>\nCodenamed MiniPlasma, the vulnerability impacts &#8220;cldflt.sys,&#8221; which refers to the Windows Cloud Files Mini Filter Driver, and resides in a routine named &#8220;HsmOsBlockPlaceholderAccess.&#8221; It was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.<br \/>\nAlthough it was assumed that the shortcoming was fixed by Microsoft in December 2020 as part of CVE-2020-17103, Chaotic Eclipse said further investigation has uncovered that the &#8220;exact same issue [&#8230;] is actually still present, unpatched.&#8221;<\/p>\n<p>&#8220;I&#8217;m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,&#8221; the researcher added. &#8220;To highlight this issue, I weaponized the original PoC to spawn a SYSTEM shell. It seems to work reliably in my machines butsuccess rate may vary since it&#8217;s a race condition.&#8221;<br \/>\nThe researcher further pointed out that all Windows versions are likely affected by this vulnerability.<br \/>\nIn a post shared on Mastodon, security researcher Will Dormann said MiniPlasma works &#8220;reliably&#8221; to open a &#8220;cmd.exe&#8221; prompt with SYSTEM privileges on Windows 11 systems running the latest May 2026 updates. &#8220;I&#8217;ll note that it does not seem to work on the latest Insider Preview Canary Windows 11,&#8221; Dormann pointed out.<br \/>\nIn December 2025, Microsoft also addressed another privilege escalation flaw in the same component (CVE-2025-62221, CVSS score: 7.8), which it identified as exploited by unknown threat actors.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems https:\/\/thehackernews.com\/2026\/05\/miniplasma-windows-0-day-enables-system.html Publish Date: 2026-05-18&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215263,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjvmx8dRRiQKx4cT0aT1-zTuzdjfThwxmlbzb2ikeeqIXUXGdcJhRrq4BykcdBB572URpoAHQhSTSyahR3M7TyvOsLSCekQGCUFM8sTcdsxkrpRFrT41wF8EqKA5LjzYHpzUtro2136Iy55cKQ_wixFUSsFDnilkUNCvrDvJbHBKK3k_IelHt9lOmbW01_u\/s1600\/windows-exploits.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-215262","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215262"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215262"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215262\/revisions"}],"predecessor-version":[{"id":215264,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215262\/revisions\/215264"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215263"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}