Zero‑Day “MiniPlasma” Exploit Grants SYSTEM Access on Patched Windows 11
What Happened — A researcher released a proof‑of‑concept for a Windows privilege‑escalation zero‑day, dubbed MiniPlasma, that obtains SYSTEM privileges on fully patched Windows 11 systems by abusing the cldflt.sys Cloud Filter driver. The exploit works on the latest May 2026 Patch Tuesday build but fails on the newest Insider Canary preview.
Why It Matters for TPRM —
- Unpatched kernel‑level flaws can be leveraged to bypass any vendor‑implemented controls, exposing downstream customers to ransomware, data theft, or supply‑chain compromise.
- The vulnerability affects the core OS used by virtually every enterprise‑grade SaaS, IaaS, and on‑premise solution, expanding the attack surface of any third‑party service that runs on Windows.
- A publicly available PoC accelerates weaponisation, increasing the likelihood of active exploitation before Microsoft issues a corrective update.
Who Is Affected — All industries that rely on Windows 11/Server (TECH_SAAS, FIN_SERV, HEALTH_LIFE, GOV_PUBLIC, etc.) and any MSP/MSSP delivering Windows‑based services.
Recommended Actions —
- Review contracts with Microsoft‑dependent vendors for OS‑patch management clauses.
- Verify that affected parties have rapid patch‑deployment processes and can apply out‑of‑band fixes.
- Increase monitoring for anomalous SYSTEM‑level activity (e.g., unexpected cmd.exe launches, registry key creation in .DEFAULT).
- Consider temporary mitigations: restrict execution of unsigned binaries, enforce application control policies, and isolate critical workloads on hardened images.
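A triage sketch for the two monitoring signals named above (SYSTEM cmd.exe launches and key creation in .DEFAULT), added here as an example and not taken from the source article or any vendor tooling. The event field names are assumptions loosely modelled on Sysmon process-create (ID 1) and registry-create (ID 12) records, the sample events are constructed, and the "non-SYSTEM actor" rule is an assumed heuristic that needs baselining against legitimate administrative activity.

```python
# Constructed sample events; field names are assumptions loosely modelled on
# Sysmon process-create (ID 1) and registry-create (ID 12) records.
SYSTEM = "NT AUTHORITY\\SYSTEM"
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe", "user": SYSTEM,
     "parent_image": r"C:\Users\alice\Downloads\tool.exe", "parent_user": r"CORP\alice"},
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe", "user": SYSTEM,
     "parent_image": r"C:\Windows\System32\services.exe", "parent_user": SYSTEM},
    {"id": 12, "event_type": "CreateKey", "user": r"CORP\alice",
     "image": r"C:\Users\alice\Downloads\tool.exe",
     "target": r"HKU\.DEFAULT\Software\Example\NewKey"},
    {"id": 12, "event_type": "CreateKey", "user": SYSTEM,
     "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKU\.DEFAULT\Software\Microsoft\Example"},
    {"id": 12, "event_type": "CreateKey", "user": r"CORP\alice",
     "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Example"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_system(user):
    return user.strip().upper() == SYSTEM

def triage(event):
    """Return a finding string for a suspicious event, or None."""
    if event["id"] == 1 and basename(event["image"]) == "cmd.exe":
        # A SYSTEM shell whose parent ran as an ordinary user crossed a privilege boundary.
        if is_system(event["user"]) and not is_system(event["parent_user"]):
            return "SYSTEM cmd.exe spawned by non-SYSTEM parent " + event["parent_image"]
    if event["id"] == 12 and event.get("event_type") == "CreateKey":
        target = event["target"].upper()
        # Match the hive itself and its subkeys, not lookalike names.
        in_default = target == "HKU\\.DEFAULT" or target.startswith("HKU\\.DEFAULT\\")
        if in_default and not is_system(event["user"]):
            return ("Key created in .DEFAULT by non-SYSTEM user "
                    + event["user"] + ": " + event["target"])
    return None

def scan(events):
    """Return (index, finding) pairs for every event that triage() flags."""
    return [(i, f) for i, e in enumerate(events) if (f := triage(e))]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_EVENTS):
        print(f"event {index}: {finding}")
```
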
Technical Notes — The exploit abuses an undocumented CfAbortHydration API in the Cloud Filter driver, allowing arbitrary registry key creation in the .DEFAULT hive without proper access checks. The flaw traces back to CVE‑2020‑17103, which Microsoft claimed to have patched in December 2020, yet the vulnerability persists. No CVE has been assigned for the new exploit; it remains a zero‑day. Source: BleepingComputer