CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 18, 2026

New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released

Cybersecurity News Archived May 18, 2026 ✓ Full text saved

A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that Microsoft either failed to patch or silently rolled back the fix for […] The post New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released By Abinaya May 18, 2026 A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that Microsoft either failed to patch or silently rolled back the fix for a vulnerability originally reported six years ago. The flaw targets the cldflt.sys Cloud Filter driver’s HsmOsBlockPlaceholderAccess routine, which was initially discovered and reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Microsoft assigned CVE-2020-17103 to the vulnerability and reportedly fixed it in December 2020 as part of its Patch Tuesday updates. However, Nightmare-Eclipse discovered that the same issue documented in Forshaw’s original report remains exploitable without any modifications to the original proof-of-concept code. The researcher released MiniPlasma one day after Microsoft’s May 2026 Patch Tuesday, timing the disclosure to follow the patch cycle and leaving organizations without an official fix until at least the next scheduled update. The exploit has gained significant attention in the security community, with the GitHub repository accumulating over 390 stars within days of publication. MiniPlasma Zero-Day PoC Released The vulnerability allows unprivileged users to create arbitrary registry keys.DEFAULT user hive without proper access checks. According to Google Project Zero, the flaw lies in how the HsmOsBlockPlaceholderAccess function handles registry key creation, failing to specify the OBJ_FORCE_ACCESS_CHECK flag. This enables attackers to bypass normal access restrictions and write keys to the.DEFAULT user hive, even though standard users typically lack such permissions. The exploit weaponizes this behavior by exploiting a race condition that toggles between user and anonymous tokens to manipulate the RtlOpenCurrentUser function in the kernel. When the race condition succeeds, the system opens the.DEFAULT hive for writing while the thread impersonation is reverted, allowing unauthorized key creation. Nightmare-Eclipse’s proof-of-concept, published on GitHub, demonstrates reliable exploitation on multi-core systems by spawning a SYSTEM shell after successfully winning the race condition. The vulnerability affects all Windows versions, making it a significant threat to enterprise environments, workstations, and cloud-synchronized systems. Testing confirmed that running the exploit from a standard user account successfully opens a command prompt with SYSTEM privileges, granting attackers complete control over the compromised machine. The Cloud Filter driver component is integral to Windows cloud storage synchronization services like OneDrive, meaning the vulnerable code runs on a broad range of Windows installations. Organizations should monitor Microsoft’s security response and prepare to deploy patches as soon as they become available, as the public availability of working exploit code significantly increases the risk of exploitation. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Critical SandboxJS Escape Vulnerability Enables Host Takeover Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access Foxconn Confirms Cyberattack After Nitrogen Ransomware Gang Claim TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack Trending Hugging Face Repo With 200k Downloads Executes Malware on Windows Machines Latest News Cyber Attack News Fast16 Malware Manipulated Nuclear Weapons Simulation Data to Sabotage Test Results Cyber Security News Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks Cyber Security News Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase Cyber Security News First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days Cyber Security News Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 18, 2026
    Archived
    May 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗