Windows 'MiniPlasma' Exploit: SYSTEM Access, Proof-of-Concept Public

Unpatched flaw in Windows Cloud Filter driver hands SYSTEM access to attackers. Microsoft's radio silence continues.

By Byte-Pulse Newsroom·AI-augmented editorial system·May 17, 2026·2 min read
Serhat Er — Founder & Editor-in-ChiefEdited bySerhat Er·Founder & Editor-in-Chief
Updated Jun 08, 2026
Windows 'MiniPlasma' Exploit: SYSTEM Access, Proof-of-Concept Public
Byte-Pulse original cover. Source story: BleepingComputer.

A new Windows flaw, dubbed 'MiniPlasma,' is out there. It lets attackers snag SYSTEM-level access even on fully patched machines. Cybersecurity researcher Chaotic Eclipse just dropped the exploit publicly. It zeros in on a bug in the Windows Cloud Filter driver, specifically the 'HsmOsBlockPlaceholderAccess' routine. Here's the kicker: James Forshaw of Google Project Zero first reported this vulnerability back in 2020. It was supposedly patched. But it's back.

A Scar Reopened

This MiniPlasma exploit? It points to a worrying lapse in Microsoft's patch management. Chaotic Eclipse says the 2020 issue, CVE-2020-17103, still works. Microsoft claimed a fix in December 2020. Yet BleepingComputer and other security pros confirm the exploit runs just fine on the latest Windows 11 updates.

It lets attackers create arbitrary registry keys, totally bypassing access checks. Think about that. This can bump a regular user's privileges straight up to SYSTEM level. Pretty big security risk, wouldn't you say?

Not Their First Rodeo

This isn't Chaotic Eclipse's first rodeo. The researcher has dropped a series of zero-day vulnerabilities. It's a protest, actually, against how Microsoft handles bug bounties and vulnerability disclosures. Some of these, like BlueHammer, RedSun, and UnDefend, have even been actively exploited after they went public.

  • BlueHammer: A local privilege escalation flaw.
  • RedSun: Another escalation bug. Microsoft, for its part, patched this one quietly.
  • UnDefend: A tool to hit Windows Defender with a Denial of Service attack.

Europe's Stake

Europe's cybersecurity scene? It's feeling this keenly. Windows platforms are everywhere, across pretty much every industry. And GDPR? That adds another layer of pain. Data breaches from these kinds of flaws could mean hefty fines. Remember when software giants faced huge scrutiny and penalties over security oversights? Yeah, like that.

So, What Now?

For you, the user, or you, the IT admin? This exploit means you need to be on your toes. Vigilance. Proactive security. Update your systems. Get extra security tools. Seriously. It's about mitigating those potential risks. And keep an eye on Microsoft. See what they do about patches.

The Big Questions

  • Microsoft hasn't said a word about MiniPlasma. Not officially, anyway.
  • No one knows if a new patch is coming. Or when.
  • How much is this actually being exploited out there? Pure speculation right now.

Why It Matters

The MiniPlasma exploit? It really chips away at trust in Microsoft's patching. A vulnerability that was supposedly fixed, now back again. Doesn't exactly inspire confidence in their security processes, does it? Threats keep evolving. Microsoft needs solid, transparent patch management. It's about user trust. It's about data integrity. Simple as that.

Discuss this story

Got a take, a correction, or a follow-up tip? Reply where you read — we read everything.

Found an error? File a correction at /corrections. Substantive corrections are logged publicly.

#windows#zero-day#security#microsoft#vulnerability
Get the 5 tech stories worth your time — 3× a week

One short email. The most important Security news, fact-checked, no fluff. Free, unsubscribe anytime.

More from Security

About the author
AI-augmented editorial system

The Byte-Pulse Newsroom is the editorial system that produces Byte-Pulse's daily tech news coverage. Each story is cross-referenced across 3+ independent outlets, drafted with AI assistance by the newsroom system (Drafter → Editor → Fact-Checker → Polisher), and reviewed by Serhat Er, Editor-in-Chief, before publication. We disclose AI augmentation openly. Editorial accountability stays with the named editor on every article. Tips: editorial@byte-pulse.net.

HardwareAIGamingMobileSecurity
Editorially reviewed on . Spotted an error? Tell us.
From other sections

Don’t miss these

Ugreen 145W Power Bank: Deconstructing the 'Lowest Price' Hype
⚙️ Hardware

Ugreen 145W Power Bank: Deconstructing the 'Lowest Price' Hype

We dissect Ugreen's 145W power bank deal, contrasting its advertised 'lowest price in months' with the broader context of consumer electronics pricing and real-world value for European users

By Byte-Pulse Newsroom·14h ago·5 min0
Sony's Digital Shift: 'Consumer Preference' or Corporate Control?
🎮 Gaming

Sony's Digital Shift: 'Consumer Preference' or Corporate Control?

Byte-Pulse examines Sony's shift to an all-digital future, community backlash, and implications for gamers and the industry.

By Byte-Pulse Newsroom·20h ago·3 min
Nothing Phone (4b): A Mid-Range Ambition in a Crowded European Market
📱 Mobile

Nothing Phone (4b): A Mid-Range Ambition in a Crowded European Market

Nothing's Phone (4b) merges familiar aesthetics with mid-range specs, raising questions about its European market strategy and true competitive edge.

By Byte-Pulse Newsroom·6 days ago·8 min
🚗 EV & Auto

Tesla Model 3 vs Polestar 2: Choosing Your Next EV Wisely

A balanced breakdown of Tesla Model 3 and Polestar 2. Compare specs, performance, design, and more to find the right EV for you.

By Serhat Er·Jun 26, 2026·6 min0
AI Chatbots Duel for 2026 World Cup Champion Prediction
🤖 AI

AI Chatbots Duel for 2026 World Cup Champion Prediction

Can artificial intelligence really predict the beautiful game? We put the leading AI chatbots to the test, feeding them the same prompts for the 2026 World Cup. Here's who came out on top, and how they got there.

By Byte-Pulse Newsroom·Jun 25, 2026·7 min
Apple's 2027 Roadmap: Unpacking Supply Strains and Strategic Positioning
⚙️ Hardware

Apple's 2027 Roadmap: Unpacking Supply Strains and Strategic Positioning

Byte-Pulse analyzes Apple's rumored 2027 product plans, scrutinizing the strategic implications of a redesigned MacBook Pro and accelerated M7 chip amidst supply chain pressures

By Byte-Pulse Newsroom·1 day ago·5 min0
Cookies & ads

We fund this site through ads (Google AdSense and others) and use analytics to see what works. Both may set cookies. You decide what is OK — your choice is remembered.

Details in our Privacy Policy.