CHAOTIC Eclipse has released a proof-of-concept for a new Windows privilege-escalation zero-day named MiniPlasma, claiming it works on fully patched systems and targets the cldflt[.]sys component of the Windows Cloud Files Mini Filter Driver in the HsmOsBlockPlaceholderAccess routine.
The researcher notes that the vulnerability traces back to CVE-2020-17103, originally reported to Microsoft by Google Project Zero in September 2020, and alleges that the exact same issue remains unpatched in the latest May 2026 updates. Independent validation by Will Dormann reportedly confirms that MiniPlasma can spawn a SYSTEM shell on Windows 11 with current patches, though it does not work on the Insider Preview Canary build.
Chaotic Eclipse argues this raises questions about how patches persist or disappear over time, and whether a patch from 2020 could regress or be rolled back in later releases, complicating patch management for large organisations. The disclosures come amid a broader debate on responsible disclosure versus public release of exploit code, with the author highlighting both the potential for faster fixes and heightened risk from weaponised PoCs.