Researcher Revives Windows Cloud Driver Bug for Full System Takeover

A revived Windows zero-day exploit bypasses existing patches to give attackers full system control through a cloud files driver flaw.

CSBadmin

Unpatched Vulnerability in Cloud Files Driver

A security researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a Windows privilege escalation flaw that allows attackers to gain SYSTEM-level access on fully updated systems. Dubbed MiniPlasma, the vulnerability resides in the Windows Cloud Files Mini Filter Driver, specifically within the routine called “HsmOsBlockPlaceholderAccess.” The issue was originally reported to Microsoft in September 2020 by Google Project Zero researcher James Forshaw. While Microsoft was believed to have addressed the problem in December 2020, new analysis suggests the patch never fully took effect or was later reverted without explanation.

Impact and Scope

The researcher confirmed that the original proof-of-concept code from Google worked without modification, and they weaponized it to launch a command prompt with SYSTEM privileges. Although the exploit relies on a race condition and success rates may vary, it has been shown to work reliably on Windows 11 systems with the latest May 2026 updates installed. Security researcher Will Dormann verified the exploit’s effectiveness, though he noted that it does not appear to function on the latest Windows 11 Insider Preview Canary build. All Windows versions are believed to be susceptible to this flaw. The flaw also independently gained attention in December 2025, when Microsoft patched a related, actively exploited privilege escalation issue in the same driver component.

Source: The Hacker News
