
"The vulnerable Windows Cloud Filter driver allows registry key manipulation via an undocumented API. An attacker could use an unauthenticated network session to create a key in the DEFAULT user hive without access checks, enabling privilege escalation and potentially leading to system code execution," the report reads.
"After investigating, it turns out the exact same issue that was reported to Microsoft by Google Project Zero is actually still present, unpatched. Chaotic Eclipse says the original proof-of-concept (PoC) code released by Project Zero researchers works without changes, noting that either the vulnerability was never resolved or the patches were rolled back."
"MiniPlasma works on Windows 11 systems with the May 2026 security updates installed. "I'll note that it does not seem to work on the latest Insider Preview Canary Windows 11," Dormann says."
"Chaotic Eclipse recently dropped exploits for several unpatched vulnerabilities in Microsoft products, such as BlueHammer, YellowKey, and GreenPlasma, saying they are displeased with how the tech giant handles vulnerability reports."
CVE-2020-17103 is a privilege escalation vulnerability in the Windows Cloud Filter driver with a CVSS score of 7.0. The driver exposes an undocumented API through which registry keys can be manipulated; according to the report, an attacker could use an unauthenticated network session to create a key in the DEFAULT user hive without any access check, escalate privileges and potentially gain system-level code execution. Google Project Zero reported the flaw and Microsoft shipped a fix in the December 2020 Patch Tuesday updates. Chaotic Eclipse, who released a new exploit named MiniPlasma, says Project Zero's original proof-of-concept still works without modification, which means either the issue was never fully resolved or the patch was later rolled back. Dormann reports that the exploit works on Windows 11 with the May 2026 security updates installed, but not on the latest Insider Preview Canary build.
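Since the report says the existing fix does not hold, a patch level alone tells an administrator little. The following PowerShell is an added example written for this summary; it is not code from the SecurityWeek article, from Project Zero, or from Chaotic Eclipse's MiniPlasma. It does two defensive things: it inventories the installed Cloud Filter driver (cldflt.sys and the CldFlt filter service) and it snapshots the subkeys of the DEFAULT user hive (HKEY_USERS\.DEFAULT, the hive the report names) so that a later run reports any key that appeared or disappeared. The baseline file path is an arbitrary assumption; the driver location is the standard one on Windows 10 and 11.

```powershell
# Added example, not from the original article or the exploit author.
# Part 1: inventory the Cloud Filter driver so you know whether the component
# the report describes is even loaded on a given host.
function Get-CloudFilterDriverInfo {
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'
    $present    = Test-Path -LiteralPath $driverPath
    # Win32_SystemDriver covers kernel drivers; Get-Service only lists Win32 services.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='CldFlt'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DriverPath    = $driverPath
        DriverPresent = $present
        FileVersion   = if ($present) { (Get-Item -LiteralPath $driverPath).VersionInfo.FileVersion } else { $null }
        ServiceState  = if ($drv) { $drv.State } else { 'not registered' }
        StartMode     = if ($drv) { $drv.StartMode } else { $null }
    }
}

# Part 2: point-in-time snapshot of every subkey under HKEY_USERS\.DEFAULT.
# HKU is not a default PSDrive, so the Registry:: provider path is used.
function Get-DefaultHiveSnapshot {
    Get-ChildItem -Path 'Registry::HKEY_USERS\.DEFAULT' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name } |
        Sort-Object -Unique
}

# Compare the live hive with a saved baseline. On the first run the baseline is
# written; on later runs each added or removed key path is reported.
# $BaselinePath is an assumed, arbitrary location.
function Compare-DefaultHiveSnapshot {
    param(
        [Parameter(Mandatory)] [string] $BaselinePath
    )
    $current = @(Get-DefaultHiveSnapshot)

    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        $current | Set-Content -LiteralPath $BaselinePath
        Write-Verbose "No baseline found; wrote $($current.Count) key paths to $BaselinePath"
        return @()
    }

    $baseline = @(Get-Content -LiteralPath $BaselinePath | Where-Object { $_ -ne '' })

    # -notin avoids Compare-Object's handling of empty collections.
    $added   = @($current  | Where-Object { $_ -notin $baseline })
    $removed = @($baseline | Where-Object { $_ -notin $current })

    foreach ($k in $added)   { [pscustomobject]@{ Change = 'added';   Key = $k } }
    foreach ($k in $removed) { [pscustomobject]@{ Change = 'removed'; Key = $k } }
}

# Usage (baseline path is an assumption; pick a location your monitoring can read):
Get-CloudFilterDriverInfo | Format-List
Compare-DefaultHiveSnapshot -BaselinePath (Join-Path $env:ProgramData 'default-hive-baseline.txt') -Verbose |
    Format-Table -AutoSize
```

Run the snapshot once on a known-good host, then on a schedule; a key under HKEY_USERS\.DEFAULT that no installer or policy accounts for is what the report's primitive would leave behind. The diff is only a detective control: it does not block the undocumented API call, and the driver version it prints says nothing about exposure if, as the report claims, the original proof-of-concept still works on a fully updated system.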
#windows-privilege-escalation #cve-2020-17103 #cloud-filter-driver #miniplasma-exploit #patch-management
Read at SecurityWeek