THE SecurityWeek article reports that a cybersecurity researcher known as Chaotic Eclipse and Nightmare Eclipse has released MiniPlasma, an exploit that targets CVE-2020-17103, a Windows privilege-escalation vulnerability in the Windows Cloud Filter driver with a CVSS of 7.0.
The vulnerability was disclosed by Google Project Zero in 2020 and patched by Microsoft as part of December 2020 Patch Tuesday updates; the CVE allows an unauthenticated network session to create a registry key in the DEFAULT user hive, enabling privilege escalation and potentially system code execution. According to the piece, the PoC code originally published by Project Zero remains usable, and the researcher suggests the issue was either never resolved or patches were rolled back.
Will Dormann of Tharros Labs notes that MiniPlasma works on Windows 11 systems with May 2026 security updates installed, though Dormann says it does not appear to work on the latest Insider Preview Canary build. SecurityWeek has asked Microsoft for comment and will update the article if the company responds.