Researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows zero-day called MiniPlasma, which BleepingComputer has spotted. confirmed that it can grant SYSTEM privileges on fully updated Windows 11 systems.
The researcher claims that the bug is essentially another exploit of a 2020 flaw that Microsoft said it had fixed.
At that time, the defect was assigned the identifier CVE-2020-17103 and was reportedly fixed in December 2020. “Upon investigation, it turns out that the exact same issue reported to Microsoft by Google’s project zero still exists, without a patch,” Chaotic Eclipse explains. “I’m not sure if Microsoft simply never fixed the issue or if the patch was silently withdrawn at some point for unknown reasons. The original PoC from Google works without any changes.”
BleepingComputer tested the exploit on a fully updated Windows 11 Pro system running the latest May 2026 Patch Tuesday. In the test, they used a standard user account and, after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image.
Will Dormann, principal vulnerability analyst at Tharros, also confirmed that the exploit works in his tests on the latest public build of Windows 11. However, he said that it does not work on the latest Canary build of Windows 11 Insider Preview.
The exploit appears to abuse the way in which the Windows Cloud Filter driver handles the creation of registry keys via an undocumented CfAbortHydration API. Forshaw's original report said the flaw could allow the creation of arbitrary registry keys in the .DEFAULT user group without proper access controls, allowing privilege escalation. And while Microsoft says it fixed the bug as part of the December 2020 Microsoft Patch Tuesday, Chaotic Eclipse now claims the vulnerability can still be exploited.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
