A six-year-old vulnerability just resurrected itself on fully patched Windows 11 — and the researcher who published the exploit isn’t a nation-state actor or a ransomware crew. It’s a single disgruntled person with a GitHub account and a grudge against Microsoft’s vulnerability handling process. The dropped exploit, named MiniPlasma, hands SYSTEM-level access to any standard user on a Windows machine running the May 2026 Patch Tuesday updates. And the kicker, according to the researcher: the original 2020 proof-of-concept from Google Project Zero works against current Windows without modification.
That last detail should keep every Windows administrator awake tonight.
How A 2020 Patch Quietly Unpatched Itself
The vulnerability sits inside cldflt.sys, the Windows Cloud Filter driver, specifically in the HsmOsBlockPlaceholderAccess routine. Google Project Zero’s James Forshaw originally reported it in September 2020, it was assigned CVE-2020-17103, and Microsoft shipped a fix in the December 2020 Patch Tuesday. The researcher behind MiniPlasma, who goes by Chaotic Eclipse or Nightmare Eclipse, says the original Project Zero PoC still works today, suggesting the December 2020 fix was either incomplete from the start or was later regressed by another change to the driver. BleepingComputer confirmed the exploit works on a fully patched Windows 11 Pro install, and Will Dormann of Tharros independently confirmed it on the latest public Windows 11 build, though it reportedly fails on the Insider Preview Canary channel.
Regression bugs are uniquely dangerous: defenders and detection vendors assume old CVEs are dead. EDR signatures, threat models, and compliance audits all treat “patched in 2020” as a closed chapter. A six-year-old exploit that suddenly works again is a perfect blind spot — the kind of thing red teams dream about and blue teams forget to monitor.
If you’re running a Windows fleet for, say, a hospital network or a multi-tenant SaaS platform where every endpoint is also a credential vault, MiniPlasma means a phishing victim with a standard user account can reach SYSTEM in seconds. SYSTEM on an endpoint is not just one more privileged account: it can dump LSASS and the cached credentials and tokens in it unless LSA protection or Credential Guard stands in the way, so the least-privilege assumptions in your IAM model stop holding the moment one endpoint is phished. Expect Microsoft to ship an out-of-band fix within weeks, but expect the silent-regression problem to keep recurring as long as patch testing doesn’t include re-running old public PoCs against each new build.
When A Disgruntled Researcher Becomes The Threat Model
MiniPlasma is the sixth Windows zero-day this single researcher has dumped on GitHub in roughly six weeks. The list reads like a Microsoft security team’s worst quarter: BlueHammer (CVE-2026-33825), RedSun, the UnDefend Defender DoS tool, YellowKey (a BitLocker bypass for Windows 11 and Server 2022/2025 against TPM-only configurations), and GreenPlasma. According to BleepingComputer’s earlier reporting, three of those exploits — BlueHammer, RedSun, and UnDefend — were spotted in active attacks shortly after disclosure. The researcher claims Microsoft silently patched RedSun without assigning it a CVE, which is exactly the kind of behavior that fuels public-disclosure spirals.
The threat model for enterprise software used to assume disclosure came from coordinated researchers, organized crime, or nation-states with strategic motives. A single individual publicly dumping working exploits — explicitly because, in their own words, Microsoft “will ruin my life and they did” — is a different shape of threat. It’s unpredictable, it’s emotionally driven, and it doesn’t respond to bug bounty incentives. The researcher has framed every drop as protest, not profit.
Imagine you’re a CISO at a regulated org running thousands of Windows endpoints. Your monthly Patch Tuesday risk model assumes a steady cadence of disclosed-then-patched bugs. A single hostile researcher publishing weaponized PoCs faster than Microsoft can respond breaks that model: your detection engineering team now has to treat a personal blog and a GitHub repo as a tier-one threat intel source. Bug bounty programs are going to face board-level scrutiny in 2026, and “how do we handle a researcher we’ve alienated” will become a tabletop exercise.
Why The Cloud Filter Driver Keeps Showing Up
The exploit abuses how cldflt.sys handles registry key creation through an undocumented CfAbortHydration API. Forshaw’s original write-up explained that the flaw lets arbitrary registry keys be created in the .DEFAULT user hive without proper access checks. That hive (HKU\.DEFAULT) is the LocalSystem account’s own profile, not an ordinary user’s, so the kernel driver ends up performing a write on a user-mode caller’s behalf into a location the caller could never touch directly, and from there privilege escalation is trivial. Same driver, same routine, same primitive as 2020.
This pattern — undocumented APIs in kernel-mode drivers with implicit trust assumptions — is the gift that keeps giving for LPE researchers. Cloud Filter exists to bridge OneDrive-style placeholder files with the local filesystem, which means it sits at a privilege boundary where user-mode code can trigger kernel-mode side effects. Every time Microsoft ships a feature that quietly extends user-mode reach into the kernel, it creates a new attack surface that won’t be properly audited for years. The same dynamic shows up across the industry: convenience features bolted onto trusted components turn into LPE chains.
For teams building anything that touches privileged operations — whether that’s a Windows agent, a traceability platform for regulated supply chains, or a healthcare backend syncing patient records — the lesson is the same: undocumented APIs aren’t safe just because they’re undocumented. Static analysis and fuzzing budgets should explicitly target the surface area between user-mode triggers and kernel-mode effects. Prediction: by end of 2026, at least one more Cloud Filter LPE will surface, and Microsoft will either deprecate CfAbortHydration outright or rewrite the entire hydration codepath.
FAQ
Q: What is the MiniPlasma exploit and which Windows versions are affected?
A: MiniPlasma is a proof-of-concept local privilege escalation exploit targeting the cldflt.sys Cloud Filter driver in Windows. It has been confirmed working on fully patched Windows 11 Pro running the May 2026 Patch Tuesday updates, but reportedly fails on the latest Windows 11 Insider Preview Canary build. A standard user account is sufficient to obtain SYSTEM privileges.
Q: Is this actually the same bug as CVE-2020-17103?
A: According to the researcher Chaotic Eclipse, yes: the original Google Project Zero proof-of-concept from James Forshaw’s 2020 report works without modification against current Windows. Microsoft claimed to fix CVE-2020-17103 in December 2020, but the researcher suggests the patch was either incomplete or silently rolled back. Microsoft has not yet publicly responded.
Q: How should defenders respond before Microsoft ships a patch?
A: Treat any new local logon by a standard user as potentially elevation-capable until patched. EDR teams should hunt for unusual writes to the .DEFAULT registry hive (check first whether your telemetry attributes a write made by the driver to the calling user process or to SYSTEM, since that decides what the rule should key on) and for processes running as SYSTEM whose parent ran as an unprivileged user, particularly shells. Reviewing detection rules tied to the original CVE-2020-17103 is a good starting point.
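As an added illustration of the two hunts above, not code from the page, from Microsoft, or from the researcher: a minimal detector run over constructed Sysmon-style events. The field names (EventID, User, ParentUser, Image, ParentImage, TargetObject) follow Sysmon’s ProcessCreate and RegistryEvent schema and the HKU\.DEFAULT rendering of the hive is assumed to match what Sysmon emits; every event value is made up for the example, and the sample set deliberately includes a SYSTEM service writing to .DEFAULT and a UAC-elevated admin shell so the rules can be seen not firing on them.

```python
r"""Hunt for the two MiniPlasma indicators named in the FAQ over constructed
Sysmon-style events. Added example: the events are made up, and field names
follow Sysmon's ProcessCreate (EventID 1) and RegistryEvent (EventID 12/13)
schema as an assumption about what your pipeline carries."""
import re

# Accounts that legitimately write under HKU\.DEFAULT and legitimately run as SYSTEM.
PRIVILEGED_ACCOUNTS = {
    "NT AUTHORITY\\SYSTEM",
    "NT AUTHORITY\\LOCAL SERVICE",
    "NT AUTHORITY\\NETWORK SERVICE",
}
_PRIVILEGED_UPPER = {a.upper() for a in PRIVILEGED_ACCOUNTS}

# Assumption: the collector renders \REGISTRY\USER\.DEFAULT as HKU\.DEFAULT (Sysmon does).
DEFAULT_HIVE = re.compile(r"^HKU\\\.DEFAULT(\\|$)", re.IGNORECASE)

# Interactive shells and script hosts: a SYSTEM instance under an unprivileged parent
# is rated higher than an arbitrary SYSTEM child. Extend from your own baseline.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed sample telemetry (not real logs): two benign registry writes, one
# suspicious one, a UAC-elevated admin shell, one SYSTEM shell from a user parent,
# and a normal SYSTEM-from-SYSTEM service start.
SAMPLE_EVENTS = [
    {"EventID": 13, "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\AppData"},
    {"EventID": 13, "User": "CORP\\jdoe",
     "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
    {"EventID": 12, "EventType": "CreateKey", "User": "CORP\\jdoe",
     "Image": "C:\\Users\\jdoe\\Downloads\\poc.exe",
     "TargetObject": "HKU\\.DEFAULT\\Software\\Classes\\CLSID\\{9a1f3c2e-4b5d-4e6f-8a9b-0c1d2e3f4a5b}"},
    {"EventID": 1, "User": "CORP\\jdoe", "IntegrityLevel": "High",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "ParentUser": "CORP\\jdoe"},
    {"EventID": 1, "User": "NT AUTHORITY\\SYSTEM", "IntegrityLevel": "System",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Users\\jdoe\\Downloads\\poc.exe", "ParentUser": "CORP\\jdoe"},
    {"EventID": 1, "User": "NT AUTHORITY\\SYSTEM", "IntegrityLevel": "System",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe", "ParentUser": "NT AUTHORITY\\SYSTEM"},
]


def is_privileged(user):
    """True for the built-in service accounts; everything else is treated as ordinary."""
    return (user or "").upper() in _PRIVILEGED_UPPER


def suspicious_default_hive_write(ev):
    """Rule 1: key creation (12) or value write (13) under HKU\.DEFAULT by a process
    that is not running as a service account. SYSTEM touches this hive routinely,
    so the anomaly is the identity, not the location."""
    if ev.get("EventID") not in (12, 13):
        return False
    if not DEFAULT_HIVE.match(ev.get("TargetObject", "")):
        return False
    return not is_privileged(ev.get("User"))


def suspicious_system_spawn(ev):
    """Rule 2: a SYSTEM process whose parent ran as an ordinary user. UAC elevation
    keeps the same user at High integrity, and legitimate SYSTEM children descend
    from SYSTEM parents (services.exe, svchost.exe), so neither of those fires."""
    if ev.get("EventID") != 1:
        return False
    if not is_privileged(ev.get("User")):
        return False
    parent_user = ev.get("ParentUser")
    return parent_user is not None and not is_privileged(parent_user)


def _basename(path):
    return (path or "").rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Run both rules over an event list and return one hit record per match."""
    hits = []
    for ev in events:
        if suspicious_default_hive_write(ev):
            hits.append({"rule": "default_hive_write", "severity": "high",
                         "user": ev.get("User"), "image": ev.get("Image"),
                         "target": ev.get("TargetObject")})
        if suspicious_system_spawn(ev):
            severity = "high" if _basename(ev.get("Image")) in SHELL_IMAGES else "medium"
            hits.append({"rule": "system_from_unprivileged_parent", "severity": severity,
                         "image": ev.get("Image"), "parent": ev.get("ParentImage"),
                         "parent_user": ev.get("ParentUser")})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Baseline rule 1 before alerting on it: installers and per-machine configuration tools running as a local admin (not SYSTEM) can write under HKU\.DEFAULT legitimately, and if the driver performs the key creation from a system context rather than in the caller’s process, the event will show SYSTEM as the user and rule 1 will miss it, which is why rule 2 is the one to trust on the process side.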
Key Takeaways
- Re-test exploits for old, supposedly-patched CVEs against your current fleet: silent patch regressions are not theoretical, and your EDR vendor probably stopped alerting on 2020-era techniques years ago.
- Bug bounty program design is now a security control, not an HR concern; how you handle an angry researcher determines whether your next zero-day lands on GitHub or in a private inbox.
- Detection engineering teams should add personal blogs and GitHub repos of known disclosure-first researchers to their threat intel pipelines, with the same priority as commercial feeds.
- Undocumented kernel-adjacent APIs like CfAbortHydration deserve dedicated fuzzing budgets; convenience features that span privilege boundaries are the modern equivalent of setuid binaries.
- Expect Microsoft to ship an out-of-band patch for MiniPlasma within weeks, and expect more drops from the same researcher until the underlying disclosure dispute is resolved publicly.