
New Windows 'MiniPlasma' Zero-Day Exploit Gives SYSTEM Access, PoC Released (bleepingcomputer.com)

A researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a new Windows zero-day dubbed MiniPlasma, which BleepingComputer confirmed can grant SYSTEM privileges on fully patched Windows 11 systems. The researcher claims the bug is effectively a still-exploitable version of a 2020 flaw Microsoft said it had fixed. From the report: At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020. "After investigating, it turns out the exact same issue that was reported to Microsoft by Google Project Zero is actually still present, unpatched," explains Chaotic Eclipse. "I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes."

BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates. In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image [here]. Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work in the latest Windows 11 Insider Preview Canary build.

The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw's original report said that the flaw could allow arbitrary registry keys to be created in the .DEFAULT user hive without proper access checks, potentially enabling privilege escalation. While Microsoft reports having fixed the bug as part of its December 2020 Microsoft Patch Tuesday, Chaotic Eclipse now claims the vulnerability can still be exploited.
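The report says the flaw lets arbitrary registry keys be created in the .DEFAULT user hive without proper access checks. A standard user normally has no write access to that hive, so successful key creation there by anything other than SYSTEM is worth hunting for. The script below is an added example, not code from BleepingComputer, the researcher, or Microsoft; it assumes Sysmon Event ID 12 (registry object create/delete) records have been exported to one JSON object per line with the fields EventType, Image, TargetObject and User, and the sample records it scans are constructed for the example.

```python
"""Hunt for registry key creation inside the .DEFAULT user hive by non-SYSTEM accounts.

Assumption (not from the article): Sysmon Event ID 12 records exported as
one JSON object per line with EventType, Image, TargetObject and User fields.
"""
import json
import re

# Constructed sample records shaped like exported Sysmon Event ID 12 events.
SAMPLE_EVENTS = [
    json.dumps({"EventType": "CreateKey",
                "Image": r"C:\Windows\System32\svchost.exe",
                "TargetObject": r"HKU\.DEFAULT\Software\Microsoft\Example",
                "User": r"NT AUTHORITY\SYSTEM"}),
    json.dumps({"EventType": "CreateKey",
                "Image": r"C:\Users\alice\Downloads\test.exe",
                "TargetObject": r"HKU\.DEFAULT\Software\Example",
                "User": r"DESKTOP-1\alice"}),
    json.dumps({"EventType": "CreateKey",
                "Image": r"C:\Users\alice\AppData\Local\app.exe",
                "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\App",
                "User": r"DESKTOP-1\alice"}),
    json.dumps({"EventType": "DeleteKey",
                "Image": r"C:\Users\alice\Downloads\test.exe",
                "TargetObject": r"HKU\.DEFAULT\Software\Example",
                "User": r"DESKTOP-1\alice"}),
    json.dumps({"EventType": "CreateKey",
                "Image": r"C:\Users\alice\Downloads\other.exe",
                "TargetObject": r"HKEY_USERS\.DEFAULT\Environment",
                "User": r"DESKTOP-1\alice"}),
]

# Principals expected to write to the .DEFAULT hive (the SYSTEM profile hive).
TRUSTED_PRINCIPALS = {r"NT AUTHORITY\SYSTEM"}

# Matches the hive root in either the Sysmon "HKU\" or the long "HKEY_USERS\" form,
# and only the .DEFAULT hive itself (not a key whose name merely starts with .DEFAULT).
DEFAULT_HIVE = re.compile(r"^(HKU|HKEY_USERS)\\\.DEFAULT(\\|$)", re.IGNORECASE)


def is_suspicious(event: dict) -> bool:
    """True when a non-trusted principal created a key under the .DEFAULT hive."""
    if event.get("EventType") != "CreateKey":
        return False
    if not DEFAULT_HIVE.match(event.get("TargetObject", "")):
        return False
    user = event.get("User", "").upper()
    return user not in {p.upper() for p in TRUSTED_PRINCIPALS}


def find_suspicious(lines):
    """Parse JSON lines, skipping malformed ones, and return the flagged events."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(event):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"{hit['User']} via {hit['Image']} created {hit['TargetObject']}")
```

The rule is a hunting heuristic, not a fix: it flags the outcome the report describes (a key appearing in .DEFAULT on behalf of a non-SYSTEM account) regardless of which driver or API produced it, so it also fires on any other path that reaches the same hive. Tune TRUSTED_PRINCIPALS to whatever service accounts legitimately write there in your environment.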


  • It's hard to prove that Microsoft cares less about security than other vendors, without a bunch of information from Microsoft and other vendors that we're not privy to — not even shareholders get to know the full risks involved in the products upon which their dividends depend. But it's easy to prove that they will happily lie about it.

    • The Linux kernel has had multiple major vulns lately. I don't think you can put it down to Microsoft not caring about security so much as it's a hard job and getting harder with every line of bloat Microsoft adds.

      I'm curious if anyone's found an OpenBSD vulnerability lately?

      • by gweihir ( 88907 )

        So? The Linux kernel folks patched within hours or days. And these vulnerabilities are unlikely to crop up again. You are comparing apples and oranges. Also note that building a big, bloated KISS violation of a "kernel", as Microsoft does, certainly counts as "not caring about security". The only way to get good security in software, and even more so in kernels, is by simplicity. Microsoft certainly knows that. But raking in the dollars is far more important to them.

        So ask yourself: Why are you defending Mi

  • None. None at all. 40m lines of code to maintain? Easy.
• This and the Linux bugs are all LPEs. They aren't that big of a problem if you don't have untrusted users unless more advanced ways to pivot on them emerge. I'm not saying it's nothing or there haven't been recent problems in all operating systems. I'm just saying, recently, there has been only the one NFS exploit for FreeBSD that's an RCE.

      My other observation is "Hey tough guys, where's the RCE bugs in OpenSSH?" Almost as if others have already been the shit out of them with static analysis tools and b
    • by T34L ( 10503334 )

On Linux, there's at least an expectation that someone will try and fix the zero days after they are discovered.

On Windows there are zero-days that have been published six years ago and just work with the then attached guide.

      • RTFA. It was either said to be fixed and wasn't or there was a rollback at some point. Shit happens. Big corp. Happens with open source too.
    • The difference between Windows and Linux in this area is that Linux generally takes security flaws seriously, addresses them quickly, and leaves the fixes in place. With Microsoft, there's a common pattern to slow-roll the whole process: deny the flaw exists, then when it becomes undeniable, claim that it can't be exploited, then once a PoC is released, diminish the severity of the exploit. This process usually spans months and meanwhile Windows users are left with their pants around their ankles and puck
      • Microsoft prioritizes the use of their machines over the security. This is a known thing. Trying to think of the truly horrid problems of the past several years, most of them are thanks to social engineering, not technical failures, where Linux wouldn't have helped. It's way, way easier to be given a password than to crack a machine remotely. Then there was the CrowdStrike incident. Of course CrowdStrike is all about security. Nothing is more secure than a computer that died. I'm sure that similar co
    • by gweihir ( 88907 )

      What a dumb statement. If you are trying to defend the indefensible (Microsoft), try at least to sound a bit plausible.

  • The only thing that can rescue Windows security is releasing the source code.

    • by Echoez ( 562950 )

Sorry, but two of the biggest stories in IT over the past few weeks are privilege escalation attacks within the Linux kernel such as Copy Fail and Dirty Frag. While it may be true that over the previous 25 years being open source has helped protect Linux, the surge in high quality AI analysis tools has HURT Linux in the past few months.

      Open source != super secure, and the past few weeks have proven that.

      Right now, I think it's fair to say that the weapons of offense are greater than the weapons of defens

    • At this point, there is probably nothing that can rescue either Microsoft or Linux from the hordes at the wall. Both are performance-first operating systems. There's nothing surprising or unusual about that; this is the dominant paradigm. Windows NT made at least some attempt in the other direction until version 4, but then they prioritized UI latency over memory security. LLMs apparently don't have to be able to think to recognize patterns which indicate vulnerabilities. If having closed source is even sti

    • Didn't China demand access to the Windows source code? I can only imagine how hard they have their LLMs working to find flaws in that. Things are likely to get much more interesting.
      • by gweihir ( 88907 )

        I would think that China has that access. I know of several large corporations and one smaller state that have this access.
