ZeroDaySentinel

MiniPlasma: A Windows LPE Microsoft Thought It Patched in 2020 Is Back — Unpatched — and Opens a SYSTEM Shell on Fully Updated Windows 11

Severity: High
Incident: 2026-05-19
Published: 2026-05-19

Chaotic Eclipse has published a weaponized proof-of-concept for MiniPlasma, a Windows privilege escalation zero-day targeting cldflt.sys — the Windows Cloud Files Mini Filter Driver — in a routine named HsmOsBlockPlaceholderAccess. The same logic bug was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020 and assumed patched under CVE-2020-17103 in December 2020. Investigation by Chaotic Eclipse found the exact same issue remains fully exploitable on Windows 11 systems running the latest May 2026 security updates. A working SYSTEM shell PoC has been released. Microsoft has not issued a patch.


What happened

Chaotic Eclipse, the researcher currently engaged in an extended public conflict with Microsoft over vulnerability disclosure practices, has published a weaponized proof-of-concept for MiniPlasma, a Windows local privilege escalation zero-day that escalates an unprivileged process to SYSTEM on fully patched Windows 11 systems. The flaw lives in cldflt.sys — the Windows Cloud Files Mini Filter Driver — specifically within a routine called HsmOsBlockPlaceholderAccess.

Figure: MiniPlasma Windows privilege escalation zero-day

The history of this vulnerability is what makes the disclosure particularly pointed. The original issue was reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Microsoft issued a fix in December 2020, assigning the identifier CVE-2020-17103. For nearly six years, the security community's understanding was that this issue had been resolved.

Chaotic Eclipse's investigation found otherwise. The researcher examined the current state of the codebase and confirmed that the exact same logic bug in HsmOsBlockPlaceholderAccess that Forshaw originally reported remains present in Windows today, unaltered. The original proof-of-concept code published by Google Project Zero in 2020 runs without any modifications and successfully triggers the vulnerability on systems with the latest May 2026 Windows updates applied.

The researcher acknowledged uncertainty about the mechanism of the regression: "I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons." The ambiguity is uncomfortable in either direction. If the fix was never actually applied correctly, a six-year-old vulnerability report produced no real remediation. If the fix was applied and subsequently silently reverted, that represents a quality control failure in the patching process itself.

Security researcher Will Dormann independently verified the exploit on Windows 11 running the latest May 2026 update cycle, confirming that MiniPlasma "works reliably to open a cmd.exe prompt with SYSTEM privileges." Dormann did note one exception: the exploit does not appear to function on the Windows 11 Insider Preview Canary build, which may indicate that a fix has been quietly introduced there ahead of a formal public release.

To exploit MiniPlasma, the PoC uses a race condition in the HsmOsBlockPlaceholderAccess routine to obtain SYSTEM privileges. Chaotic Eclipse described the success rate as variable due to the race condition's timing sensitivity, but characterized it as working reliably enough in practice on the machines tested to constitute a functional exploit.

In December 2025, Microsoft patched a separate privilege escalation flaw in the same cldflt.sys component — CVE-2025-62221, CVSS score 7.8 — which Microsoft identified as having been exploited by unknown threat actors. That means the same driver has now been linked to at least three distinct exploitable issues: the original 2020 report, the 2025 exploitation, and MiniPlasma in 2026.

Who is affected

Chaotic Eclipse stated that all Windows versions are likely affected by MiniPlasma. The independent confirmation by Dormann focused on Windows 11 with the May 2026 security updates — fully patched — where the exploit produces a SYSTEM shell reliably. The exception noted is the Insider Preview Canary channel, which may have already received a fix that has not yet shipped to production Windows 11 users.

Until Microsoft issues a formal advisory, it is reasonable to treat any Windows installation running cldflt.sys as potentially exposed. The Cloud Files Mini Filter Driver is part of the Windows OneDrive and Windows Shell integration infrastructure, meaning it is present on virtually every modern Windows endpoint and server regardless of whether OneDrive is actively in use.

Risk level

High

MiniPlasma requires local unprivileged access to exploit. An external attacker with no foothold on the target system cannot trigger this directly. However, the practical threat model is identical to the other Windows zero-days in active disclosure at this time: any attacker who gains unprivileged code execution on a Windows system — through a phishing payload, a web browser exploit, a vulnerable application, or any other initial access vector — has a reliable path to SYSTEM privileges on an unpatched machine.

The combination of a public, functional PoC and the absence of any vendor patch is the profile that produces rapid exploitation in the wild. The previous Defender zero-days from this same researcher — BlueHammer, RedSun, UnDefend — made that transition from public disclosure to active exploitation in a short window. MiniPlasma should be treated with the same expectation.

The discovery that the same issue was reported in 2020 and assumed fixed adds a layer of institutional concern: if organizations audited their exposure to CVE-2020-17103 at the time and concluded they were protected, that assessment was incorrect. Any hardening guidance or risk treatment decisions made on that basis need to be revisited.

What to do

No vendor patch is currently available. Until Microsoft releases a fix:

  1. Monitor Microsoft's Security Update Guide and security advisory channels closely — the Insider Preview Canary behavior Dormann noted suggests a fix may be in internal staging
  2. Apply every available defense-in-depth control against local privilege escalation on Windows endpoints: Credential Guard, Attack Surface Reduction rules, and application control policies that limit which processes can interact with the Cloud Files driver stack
  3. Treat systems where unprivileged users have local interactive or shell access as at elevated risk and review whether that access is operationally necessary
  4. Track Chaotic Eclipse's disclosures actively — the researcher has explicitly signaled more releases coinciding with June 2026 Patch Tuesday and has been making multiple disclosures in quick succession
  5. Review endpoint detection rules for privilege escalation patterns involving cldflt.sys and unexpected parent-child process relationships where a low-privileged process spawns a SYSTEM-context child
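
The parent/child check in item 5, as an added example that is not code from this article or from the researchers it names: it joins Sysmon Event ID 1 records on ParentProcessGuid and flags a SYSTEM child whose parent ran at Medium or lower integrity. Field names follow Sysmon (ParentUser assumes Sysmon 13.30 or later); the host, user, GUIDs and paths in the sample records are constructed.

```python
"""Sysmon Event ID 1 join that flags a SYSTEM-context child (MiniPlasma's PoC
opens cmd.exe as SYSTEM) whose parent ran at Medium or lower integrity.
Added example for this article, not code from the researchers it cites."""

# Windows integrity levels as Sysmon reports them, lowest privilege first.
RANK = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}
SYSTEM_USER = r"NT AUTHORITY\SYSTEM"
SERVICE_ACCOUNTS = {SYSTEM_USER, r"NT AUTHORITY\LOCAL SERVICE",
                    r"NT AUTHORITY\NETWORK SERVICE"}


def find_escalations(events):
    """Return (parent_event, child_event) pairs worth alerting on.
    Legitimate elevation (services.exe, scheduled tasks, UAC consent) leaves
    a SYSTEM child with a High- or System-integrity parent, so a parent at
    Medium or below is the suspicious step. If the parent predates Sysmon
    logging, fall back to ParentUser and flag a non-service parent account."""
    by_guid = {ev["ProcessGuid"]: ev for ev in events}
    hits = []
    for ev in events:
        if ev.get("User", "").upper() != SYSTEM_USER:
            continue  # child is not SYSTEM; UAC "High" elevation is normal
        parent = by_guid.get(ev.get("ParentProcessGuid"))
        if parent is None:
            pu = ev.get("ParentUser", "").upper()
            if pu and pu not in SERVICE_ACCOUNTS:
                hits.append((None, ev))
        elif RANK.get(parent.get("IntegrityLevel"), 4) <= RANK["Medium"]:
            hits.append((parent, ev))
    return hits


def rec(guid, image, user, il, pguid, puser):
    """Build a constructed Sysmon-style record (only the fields used above)."""
    return {"ProcessGuid": guid, "Image": image, "User": user, "IntegrityLevel": il,
            "ParentProcessGuid": pguid, "ParentUser": puser}


U, S = r"DESKTOP\alice", SYSTEM_USER
SAMPLE = [  # constructed records, not real telemetry
    rec("{A1}", r"C:\Windows\explorer.exe", U, "Medium", "{00}", U),
    rec("{A2}", r"C:\Users\alice\Downloads\tool.exe", U, "Medium", "{A1}", U),
    rec("{A3}", r"C:\Windows\System32\cmd.exe", S, "System", "{A2}", U),  # hit
    rec("{A4}", r"C:\Windows\System32\cmd.exe", U, "High", "{A1}", U),  # UAC, ok
    rec("{B1}", r"C:\Windows\System32\services.exe", S, "System", "{00}", S),
    rec("{B2}", r"C:\Windows\System32\svchost.exe", S, "System", "{B1}", S),
    rec("{C1}", r"C:\Windows\System32\cmd.exe", S, "System", "{ZZ}", U),  # hit
]
```

Run `find_escalations(SAMPLE)` to see the two hits: cmd.exe spawned as SYSTEM by a Medium-integrity tool.exe, and a SYSTEM cmd.exe whose parent is unknown but was running as the user account.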

If Dormann's observation holds, the Insider Preview Canary channel contains a version of Windows that does not exhibit this vulnerability. For security-sensitive testing environments, running the latest Canary build and observing whether new patches contain cldflt.sys changes may provide advance warning of when the fix is approaching production deployment.

Analysis

The story of MiniPlasma is less about the specific technical mechanics of HsmOsBlockPlaceholderAccess and more about what happens when a vulnerability fix either does not land correctly or does not survive the patching lifecycle intact. CVE-2020-17103 was reported by one of the most credible vulnerability researchers in the industry, assigned a formal identifier, and listed as patched. Six years of security operations decisions were made on the assumption that the fix held.

The fact that the same PoC code works today without modification is a specific kind of failure mode that is difficult to detect through normal patching verification. Most organizations verify that patches are installed. Very few verify that the specific behavior the patch was meant to correct has actually been corrected in the running binaries. The gap between those two things is exactly the gap that MiniPlasma fell into.

The cldflt.sys driver has now been a source of exploited Windows privilege escalation across at least two distinct incidents in the last six months. In December 2025, threat actors exploited CVE-2025-62221 in the same component before Microsoft detected and patched it. In May 2026, MiniPlasma demonstrates a second unpatched exploitable condition in the same driver. Drivers that mediate between user-mode file operations and kernel storage semantics — particularly those involved in the placeholder and sync machinery used by cloud storage integrations — tend to be complex, stateful, and difficult to audit exhaustively. cldflt.sys is a reasonable candidate for further focused research, both by the security community and by Microsoft's own engineering teams.

The timing of this disclosure relative to the researcher's ongoing conflict with Microsoft is clearly deliberate. Chaotic Eclipse has structured the disclosure calendar around the June Patch Tuesday deadline, explicitly telegraphing that more releases are coming. Whether that pressure translates into faster vendor response or simply more exposed attack surface for defenders to manage without patches is the operative question. Based on the trajectory of the earlier Defender disclosures, it is safest to assume the latter and plan accordingly.