MiniPlasma Zero‑Day Grants SYSTEM Privilege Escalation on Fully Patched Windows Systems
What Happened — Security researcher Chaotic Eclipse released a proof‑of‑concept for “MiniPlasma,” a Windows privilege‑escalation zero‑day that abuses the cldflt.sys Cloud Files Mini Filter driver. The flaw works on fully patched Windows 10/11 and Windows Server editions, granting attackers full SYSTEM rights.
Why It Matters for TPRM —
- Enables attackers to bypass existing endpoint hardening and move laterally across corporate networks.
- Increases the risk of data exfiltration, ransomware deployment, and supply‑chain compromise for any third party that relies on Windows‑based workloads.
- No vendor patch is available; mitigation must be driven by configuration and monitoring controls.
Who Is Affected — Enterprises across all sectors that run Windows desktops, laptops, or servers—including SaaS providers, MSPs, and cloud‑hosted Windows VMs.
Recommended Actions —
- Immediately review Windows‑based third‑party assets for exposure.
- Deploy strict application‑allow‑list policies and limit local admin privileges.
- Enable Windows Defender Exploit Guard and monitor for anomalous cldflt.sys activity.
- Follow Microsoft advisories for any forthcoming patches and apply them as soon as released.
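The first and third actions above both start with knowing which hosts carry the Cloud Files Mini Filter and whether exploit‑protection controls are in place. The following PowerShell inventory script is an added example for this brief, not code from The Hacker News article or from the researcher; it assumes a Windows 10/11 or Windows Server host with PowerShell 5.1 or later, run from an elevated session (fltmc requires administrator rights), and emits a JSON record suitable for collection into a SIEM or asset register.

```powershell
# Added host‑exposure inventory (not from the article): records whether
# cldflt.sys (Cloud Files Mini Filter) is present and loaded, its file
# version, and whether Exploit Guard / ASR controls are configured.
# Assumes Windows 10/11 or Windows Server, PowerShell 5.1+, elevated session.

$driverPath = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'

$report = [ordered]@{
    Host                   = $env:COMPUTERNAME
    CollectedUtc           = (Get-Date).ToUniversalTime().ToString('o')
    OSVersion              = (Get-CimInstance Win32_OperatingSystem).Version
    DriverFound            = Test-Path $driverPath
    DriverVersion          = $null
    ServiceState           = $null
    FilterLoaded           = $false
    ExploitProtectionCmdlet = $false
    AsrRuleCount           = 0
}

# File version of the driver on disk, for comparison against future advisories.
if ($report.DriverFound) {
    $report.DriverVersion = (Get-Item $driverPath).VersionInfo.FileVersion
}

# CldFlt is the service name of the Cloud Files Filter Driver.
$svc = Get-Service -Name CldFlt -ErrorAction SilentlyContinue
if ($svc) { $report.ServiceState = $svc.Status.ToString() }

# 'fltmc filters' lists the minifilters currently attached to the filter manager.
$filters = & fltmc.exe filters 2>$null
if ($LASTEXITCODE -eq 0 -and ($filters | Where-Object { $_ -match '^\s*CldFlt\b' })) {
    $report.FilterLoaded = $true
}

# Get-ProcessMitigation is the Exploit Guard (exploit protection) cmdlet; its
# presence confirms the feature set is available on this build.
if (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue) {
    $report.ExploitProtectionCmdlet = $true
}

# Attack Surface Reduction rules (Defender) configured on the host.
$mp = Get-MpPreference -ErrorAction SilentlyContinue
if ($mp -and $mp.AttackSurfaceReductionRules_Ids) {
    $report.AsrRuleCount = @($mp.AttackSurfaceReductionRules_Ids).Count
}

# A host is flagged for review when the filter is loaded and no ASR rules exist.
$report.ReviewNeeded = ($report.FilterLoaded -and $report.AsrRuleCount -eq 0)

[pscustomobject]$report | ConvertTo-Json
```

Run the script across the Windows estate (for example via a scheduled task or an RMM job) and keep the JSON output per host; the `ReviewNeeded` flag simply highlights hosts where the driver is active and no configuration control is yet in place, so the results can feed the exposure review called for above. It does not change any setting.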
Technical Notes — The vulnerability resides in cldflt.sys, the Cloud Files Mini Filter driver, and is exploitable via a crafted I/O request that triggers an unchecked pointer dereference. No CVE identifier has been assigned yet. The exploit grants SYSTEM‑level code execution, allowing full control of the host.
Source: The Hacker News