MiniPlasma: 0-day in cldflt.sys enables SYSTEM escalation on patched Windows

Colleagues — a PoC for the MiniPlasma 0-day has emerged, enabling SYSTEM escalation on fully patched Windows. The flaw lies in cldflt.sys (HsmOsBlockPlaceholderAccess). Initially reported by James Forshaw (Google Project Zero) in 2020 and tracked as CVE-2020-17103, it was believed fixed, but the PoC demonstrates the bug persists. Technically, a race condition: the PoC spawns a SYSTEM shell; Will Dormann reports it works on Windows 11 with May 2026 updates. Likely affects multiple Windows versions. Impact: local LPE on patched machines raises risk of full compromise. Recommended: track Microsoft patches, restrict privileges, and tighten monitoring/EDR. How will you respond? #cybersecurity #Windows #vulnerabilities #infosec


Latest comments
No comments yet.