Find notable cyber news and cases, enriched with sources, timelines, and signals.

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
First reported
Last updated
Happening score
H score 52
2 unique sources, 2 articles

Summary

Hide ▲

MiniPlasma is a Windows privilege-escalation zero-day in cldflt.sys that can give attackers SYSTEM privileges on fully patched Windows systems. The flaw affects the Windows Cloud Files Mini Filter Driver and is described as still unpatched despite an earlier assumption that Microsoft had fixed it. A public proof-of-concept now shows reliable local elevation on current Windows builds, making the issue immediately relevant to defenders.

Related Happenings

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
H score28 First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Azure Backup for AKS privilege escalation flaw

Vulnerability
H score22 First: 16.05.2026 23:55 Last: 16.05.2026 23:55 Sources 1

About this happening: A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
H score10 First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Microsoft adds Cloud-Initiated Driver Recovery for Windows Update driver rollbacks

Security Tool/Service
H score10 First: 15.05.2026 15:29 Last: 15.05.2026 15:29 Sources 1

About this happening: Microsoft is adding **Cloud-Initiated Driver Recovery** to **Windows Update**, giving it a remote rollback control for **problematic Windows drivers**. The capability reduces how...

Timeline

  1. 18.05.2026 07:59 3 articles · 1mo ago

    Initial report: Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

    Initial Disclosure

    A public **PoC** now turns **MiniPlasma** into a **SYSTEM**-level Windows privilege-escalation path in **cldflt.sys**. The flaw is described as still **unpatched** and may affect **all Windows versions**.

    Show sources