A cybersecurity researcher, known as Chaotic Eclipse, has recently shared an exploit called “MiniPlasma.” This zero-day vulnerability allows attackers to gain SYSTEM privileges on Windows systems, even if they are fully updated. According to Chaotic Eclipse, Microsoft missed the mark on fixing a flaw reported back in 2020.
The problem lies in the ‘cldflt.sys’ Cloud Filter driver, particularly in how it processes certain commands. The researcher claims this issue was originally flagged by James Forshaw from Google’s Project Zero. While Microsoft said they fixed it in December 2020, the researcher insists the vulnerability still exists.
BleepingComputer tested MiniPlasma on a Windows 11 system and confirmed it worked. After running the exploit, we could open a command prompt with SYSTEM privileges. Similarly, Will Dormann, a principal analyst at Tharros, verified the exploit on Windows 11, although it did not function on the latest Insider Preview.
Experts believe this exploit takes advantage of how the Windows Cloud Filter driver interacts with registry keys. Forshaw’s original findings suggested that arbitrary keys could be created without proper checks, creating an opportunity for privilege escalation. Although Microsoft had addressed this issue, Chaotic Eclipse contends that it remains problematic.
Interestingly, MiniPlasma isn’t the only zero-day exploit released by this researcher. Earlier this year, they disclosed multiple vulnerabilities, including BlueHammer and RedSun. Following those releases, reports indicated that these flaws were actively exploited in real-world attacks.
Chaotic Eclipse has expressed their frustration with Microsoft’s vulnerability management process. They claim their attempts to report issues were met with unhelpful responses, even describing interactions with Microsoft as detrimental to their well-being.
In light of recent events, it’s crucial for users and businesses to stay informed about potential vulnerabilities and keep their systems up to date. Continuous monitoring and prompt action against these types of exploits are essential for maintaining cybersecurity.
For more information on cybersecurity guidelines and best practices, check out resources from trusted authorities like the U.S. Cybersecurity & Infrastructure Security Agency (CISA).

