Overview
- Security researcher Chaotic Eclipse released a MiniPlasma proof‑of‑concept on GitHub that elevates a local user to SYSTEM on fully patched Windows, providing both source code and a compiled binary.
- BleepingComputer reproduced a SYSTEM command prompt on a fully updated Windows 11 machine, and researcher Will Dormann confirmed the exploit works on current public builds.
- Dormann said the technique fails on the latest Windows 11 Insider Preview Canary build, suggesting recent changes there may block the method.
- The exploit targets the Cloud Files Mini Filter driver (cldflt.sys) in a routine called HsmOsBlockPlaceholderAccess and appears to use an undocumented CfAbortHydration call to create keys in the .DEFAULT registry hive to gain higher rights.
- The issue mirrors James Forshaw’s 2020 finding tracked as CVE-2020-17103 that Microsoft said it fixed, while Microsoft has been contacted about the new PoC and has not announced a fresh patch.