CRITICAL: 'MiniPlasma' Windows 0-Day Resurrects 2020 SYSTEM Escalation Bug Microsoft Thought It Killed
A working zero-day exploit dubbed MiniPlasma escalates standard users to SYSTEM on fully patched Windows 11. It abuses cldflt.sys, the same Cloud Filter driver behind CVE-2020-17103 that Microsoft 'fixed' in 2020. PoC is public on GitHub. No patch yet. Assume compromise paths exist on every Windows endpoint until the next Patch Tuesday.
Pour one out for Patch Tuesday. A privilege escalation flaw that Microsoft supposedly fixed in December 2020 is back from the dead, and a working proof-of-concept exploit is sitting on GitHub right now waiting for anyone with a Windows machine and a grudge. Dubbed "MiniPlasma" by the researcher who resurrected it, the bug grants SYSTEM-level access on fully patched Windows 11 systems running the May 2026 cumulative updates. It is, by every meaningful definition, a zero-day. The fact that it was already assigned CVE-2020-17103 over five years ago makes the situation considerably more embarrassing for Redmond and considerably more frustrating for every defender now staring at fleets of Windows endpoints they thought were buttoned up.
The story starts in September 2020, when Google Project Zero researcher James Forshaw reported a privilege escalation vulnerability in cldflt.sys, the Windows Cloud Files Mini Filter Driver. That driver is the plumbing behind cloud storage providers like OneDrive, handling the placeholder file mechanics that let users see and interact with files that have not actually been downloaded yet. Forshaw identified a race condition in the HsmOsBlockPlaceholderAccess routine that could be abused to gain SYSTEM privileges from an unprivileged user context. Microsoft acknowledged the report, assigned CVE-2020-17103, and shipped what was advertised as a fix in the December 2020 Patch Tuesday release. Everyone moved on with their lives, and the vulnerability vanished from the active threat landscape for the better part of six years.
That is, until a researcher operating under the handle Chaotic Eclipse decided to take the original Project Zero proof-of-concept code and run it against a freshly patched Windows 11 box. To everyone's surprise, including apparently the researcher's, the exploit worked. Not a modified version, not a tweaked variant, the original 2020 PoC code that was supposed to be neutralized half a decade ago. "I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons," Chaotic Eclipse said in the disclosure, which is the kind of statement that should send a cold ripple through anyone responsible for Windows endpoint security.
The technical mechanism is worth understanding because it explains why the exploit is so reliable in practice. The Cloud Filter driver processes requests through HsmOsBlockPlaceholderAccess to control access to placeholder files, and it interacts with an undocumented kernel API called CfAbortHydration. By orchestrating a carefully timed race condition between those two paths, an attacker can convince the driver to create arbitrary registry keys inside the .DEFAULT user hive without performing proper access checks. That hive is the one consulted by processes running in SYSTEM context. From there, dropping a payload that executes a SYSTEM shell is a short walk down a familiar path. The exploit weaponized by Chaotic Eclipse spawns cmd.exe with SYSTEM privileges, which is the local privilege escalation equivalent of being handed the master key to the building.
Will Dormann, who has been doing serious vulnerability research for decades and is not known for hyperbole, confirmed that MiniPlasma works reliably on Windows 11 systems with the May 2026 patches applied. He noted that it does not seem to work on the latest Insider Preview Canary build, which strongly suggests Microsoft has a fix in the pipeline somewhere upstream that has not yet flowed into shipping production updates. That is cold comfort if you are running production Windows fleets today, because the gap between an Insider Canary build and a broadly deployed Patch Tuesday release can be months, and exploitation tooling will not wait politely for the patch train to arrive.
Affected systems likely include every supported version of Windows that ships the Cloud Files Mini Filter Driver, which is essentially everything from Windows 10 onward and likely older builds as well. Researchers have summarized the affected population as "all Windows versions are likely affected," which is the kind of phrasing that tells you nobody has bothered to enumerate the full vulnerable population because the answer is almost certainly all of it. If the box has OneDrive, Sync Center, or any of the modern cloud-aware file system features, it is running cldflt.sys, and cldflt.sys is the problem.
The race condition nature of the exploit has two practical implications worth thinking about. First, success is not deterministic. Chaotic Eclipse acknowledged that "success rate may vary since it's a race condition," which means an attacker may need to try the exploit multiple times before the timing aligns and the privilege escalation succeeds. That is not the security win it sounds like. Modern attackers do not need a one-shot exploit. They need an exploit that works often enough across an attack timeline, and a race condition with an eighty percent success rate after three attempts is functionally equivalent to a deterministic one from the perspective of an attacker who already has unprivileged code execution on the target. Second, race condition exploitation tends to be quite stealthy. There is no shellcode injection, no obvious memory corruption signature, no unusual API surface being triggered. The exploit is doing things the driver is supposed to do, just in an order and timing that subverts the access control assumptions. Endpoint detection and response products that lean heavily on behavioral signatures will struggle to catch this without specific signatures developed for the MiniPlasma pattern.
There is no patch as of this writing. Microsoft has been contacted by multiple outlets and had not provided an official response at the time of publication. The reasonable expectation is that a fix will land in the June 2026 Patch Tuesday release, but that is twenty days away from today, and a working exploit is already public. In the meantime, ThreatLocker has published mitigation guidance focused on registry monitoring. Defenders should be watching for unauthorized modifications to keys under Registry\User\Software\Policies\Microsoft\CloudFiles\BlockedApps and Registry\User.DEFAULT\Volatile Environment, both of which are touched by the exploit chain. Application control policies that prevent untrusted binaries from executing at all will mute the attack at a different layer, because the privilege escalation only matters to an attacker who already has some form of code execution on the box to escalate from.
Context matters here, and the context is grim. CVE-2025-62221, a separate vulnerability in the same cldflt.sys component carrying a CVSS score of 7.8, was actively exploited by unknown threat actors as recently as December 2025. That tells you the Cloud Filter driver is a region of the Windows kernel that adversaries are actively probing, mapping, and chaining into operational tradecraft. MiniPlasma fits the same pattern. The most likely real-world deployment is as the second stage in a multi-step attack where an initial access vector, almost certainly phishing or a browser exploit, gets the attacker a foothold as a standard user. From there, MiniPlasma elevates to SYSTEM, and from SYSTEM the attacker can disable EDR, dump credentials, move laterally, and do all the unpleasant things SYSTEM access enables. Ransomware operators in particular love local privilege escalation primitives like this one because they accelerate every stage of the kill chain after initial access.
Detection in the absence of a patch is going to be a manual lift. The registry-based indicators that ThreatLocker highlighted are useful for SIEM rule authoring. Hunting queries that look for unusual cmd.exe processes launched with SYSTEM token integrity from a parent process that is not winlogon, services, or another expected SYSTEM-context binary will surface the post-exploitation activity. EDR products that capture kernel callback events for placeholder file operations may have signal worth correlating, but mileage will vary by vendor. The pragmatic posture for the next few weeks is to assume the exploit will get used, focus on minimizing initial access vectors so attackers do not have a foothold to escalate from in the first place, and tighten administrative privilege boundaries so that even a successful SYSTEM exploit does not immediately translate into domain compromise.
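As an added example, not code from the article or from ThreatLocker, here is a small Python hunt that applies both detection ideas above to Sysmon-style JSON-lines telemetry: registry writes under the two key paths quoted earlier, and cmd.exe at System integrity spawned by a parent that is not an expected SYSTEM-context binary. The event field names follow Sysmon's conventions; the parent allow-list and the sample events are assumptions constructed for the example, and key matching is by substring so both the NT-style \Registry\User paths quoted above and HKU-style paths hit.

```python
import json
from typing import Iterable

# Fragments of the registry paths the exploit chain touches, per the ThreatLocker guidance
# quoted above; substring matching catches both \Registry\User\... and HKU\... spellings.
WATCHED_KEY_FRAGMENTS = (
    r"software\policies\microsoft\cloudfiles\blockedapps",
    r".default\volatile environment",
)
# Parents that normally spawn SYSTEM-integrity children. This allow-list is an assumption
# for the example; tune it to what your own telemetry shows as baseline.
EXPECTED_SYSTEM_PARENTS = {"winlogon.exe", "services.exe", "wininit.exe", "svchost.exe"}
REGISTRY_EVENT_IDS = {12, 13, 14}  # Sysmon: key create/delete, value set, key rename

def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]

def registry_hit(event: dict) -> bool:
    """Registry write (Sysmon 12/13/14) whose target lies under one of the watched keys."""
    if event.get("EventID") not in REGISTRY_EVENT_IDS:
        return False
    target = event.get("TargetObject", "").lower()
    return any(frag in target for frag in WATCHED_KEY_FRAGMENTS)

def suspicious_system_cmd(event: dict) -> bool:
    """cmd.exe at System integrity (Sysmon 1) whose parent is not an expected SYSTEM binary."""
    if event.get("EventID") != 1 or _basename(event.get("Image", "")) != "cmd.exe":
        return False
    return (event.get("IntegrityLevel") == "System"
            and _basename(event.get("ParentImage", "")) not in EXPECTED_SYSTEM_PARENTS)

def hunt(lines: Iterable[str]) -> list:
    """Run both rules over JSON-lines events; return (rule_name, offending image) per hit."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if registry_hit(ev):
            hits.append(("watched_registry_key", ev.get("Image", "")))
        if suspicious_system_cmd(ev):
            hits.append(("unexpected_system_cmd", ev.get("ParentImage", "")))
    return hits

# Constructed sample telemetry (not real data): two benign events, then an exploit-like pair.
SAMPLE_LOG = [
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "IntegrityLevel": "System", "ParentImage": "C:\\Windows\\System32\\services.exe"}',
    r'{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Classes\\x", "Details": "1"}',
    r'{"EventID": 13, "Image": "C:\\Users\\alice\\poc.exe", "TargetObject": "HKU\\.DEFAULT\\Volatile Environment\\x", "Details": "payload"}',
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "IntegrityLevel": "System", "ParentImage": "C:\\Users\\alice\\poc.exe"}',
]
```

Running `hunt(SAMPLE_LOG)` flags only the last two events, each pointing at the unprivileged binary that wrote the watched key and then became the parent of a SYSTEM cmd.exe, which is the correlation worth building a SIEM rule around.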
For MSPs, MiniPlasma is a conversation starter that practically writes itself. The combination of a public proof-of-concept, no available patch, a five-year-old bug Microsoft thought they had killed, and a known pattern of similar Cloud Filter exploits being weaponized in the wild is the kind of incident that justifies an emergency security review for every Windows client. Privileged access management, EDR tuning, application allowlisting, and managed detection services all become much easier to sell when the headline news is that fully patched Windows 11 is being trivially escalated to SYSTEM by an exploit anyone can download from GitHub. The smart shops will be on the phone with their clients today.
References
- The Hacker News: MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation
https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html
- BleepingComputer: New Windows MiniPlasma Zero-Day Exploit Gives SYSTEM Access
https://www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
- Cybersecurity News: Windows MiniPlasma Zero-Day
https://cybersecuritynews.com/windows-miniplasma-zero-day/
- NVD CVE-2020-17103 (original Forshaw report)
https://nvd.nist.gov/vuln/detail/CVE-2020-17103