
Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
Happening score: 28
1 unique source, 1 article

Summary

A public MiniPlasma proof-of-concept has renewed concern around the Windows cldflt.sys Cloud Filter driver because it can elevate a standard user to SYSTEM on fully patched Windows systems. The flaw is tied to CVE-2020-17103 and the HsmOsBlockPlaceholderAccess routine, suggesting the earlier fix may not fully close the issue. The release of source code and a compiled executable makes the exploit easier to study and adapt. The issue matters because it affects current Windows builds, including a tested Windows 11 Pro host with May 2026 Patch Tuesday updates.

Related Happenings

Linux kernel RDS PinTheft local privilege escalation flaw (public PoC)

Vulnerability
First: 20.05.2026 13:52 Last: 20.05.2026 13:52 Sources 1

About this happening: **PinTheft** now has a **public PoC exploit**, turning a recently patched **Linux kernel RDS** flaw into a practical **local privilege escalation** risk for **Arch Linux** systems...

Windows cldflt.sys MiniPlasma privilege-escalation zero-day flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Azure Backup for AKS privilege escalation flaw

Vulnerability
First: 16.05.2026 23:55 Last: 16.05.2026 23:55 Sources 1

About this happening: A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Timeline

  1. 18.05.2026 01:30 · 2 articles

    MiniPlasma PoC released for cldflt.sys

    Initial Disclosure

    Chaotic Eclipse, also known as Nightmare Eclipse, released a public proof-of-concept exploit named MiniPlasma for the Windows cldflt.sys Cloud Filter driver on GitHub, publishing source code and a compiled executable while claiming the issue still enables SYSTEM privileges on fully patched Windows systems. Testing on a fully patched Windows 11 Pro system with May 2026 Patch Tuesday updates reproduced a SYSTEM command prompt, and the exploit did not work on the latest Windows 11 Insider Preview Canary build.
