MiniPlasma: A Researcher's SYSTEM Exploit Just Revealed Microsoft's 2020 Patch Was Silently Undone
Nightmare-Eclipse released MiniPlasma on May 13, 2026: a working SYSTEM-level privilege escalation PoC for cldflt.sys, the Windows Cloud Filter driver behind OneDrive, that runs on fully patched Windows 11. The bug is CVE-2020-17103, the one Google Project Zero's James Forshaw disclosed in September 2020 and Microsoft reportedly patched that December. More than five years later, the original 2020 PoC still works, and no 2026 patch exists.
REDMOND, WASHINGTON — On May 13, 2026, one day after Microsoft's May Patch Tuesday release and five days before this report, a researcher using the alias Nightmare-Eclipse (also tracked as Chaotic Eclipse) published a working proof-of-concept exploit on GitHub for a Windows local privilege escalation vulnerability dubbed MiniPlasma. The flaw lives in the HsmOsBlockPlaceholderAccess routine of cldflt.sys, the Windows Cloud Filter driver that backs OneDrive and other cloud-sync features. It is the same vulnerability James Forshaw of Google Project Zero reported to Microsoft in September 2020, which Microsoft tracked as CVE-2020-17103 and reportedly patched in December 2020. Nightmare-Eclipse demonstrated that the original 2020 PoC code works without modification on fully patched Windows 11, opening a command prompt running with SYSTEM privileges from a standard user account.
What Happened
The 2020 Disclosure
In September 2020, Google Project Zero researcher James Forshaw reported a flaw in cldflt.sys to Microsoft. The vulnerability sat in the HsmOsBlockPlaceholderAccess routine, the code path that decides whether a caller may access OneDrive-backed placeholder files through the Cloud Filter driver. Microsoft assigned CVE-2020-17103 and shipped what was understood to be the fix in the December 2020 Patch Tuesday release. The PoC Forshaw published after that release demonstrated full SYSTEM-level escalation from an unprivileged user account.
The 2026 Re-Drop
On May 13, 2026, more than five years after that patch, Nightmare-Eclipse posted MiniPlasma to GitHub with one central claim: the 2020 PoC runs unmodified on a fully patched Windows 11 host. Independent testing reported by Cybersecurity News, The Hacker News, BleepingComputer, and SecurityAffairs confirmed the claim; the exploit reliably spawns a SYSTEM command prompt from a standard user session. That leaves two explanations: Microsoft's 2020 fix was reverted by a later code change, or it never reached the version of cldflt.sys currently shipping on Windows 11. Either way, a public, weaponized PoC now predates any 2026 patch.
Why cldflt.sys Matters
Cldflt.sys is the Windows Cloud Filter driver, the kernel-mode minifilter that lets OneDrive and other cloud-sync providers built on the Cloud Files API present remote files as placeholder objects in the local filesystem. The driver ships on essentially every supported Windows endpoint, including systems where the user has never enabled OneDrive, because the API surface is part of the base OS. The vulnerable code path is therefore broadly present rather than gated behind an optional feature.
Scope and Impact
MiniPlasma requires local code execution; it is not a remote exploit. But the local-access bar is low in modern attack chains: any malware running as a standard user (phishing payload, malicious Office macro, drive-by download, RDP credential abuse) gains a path to SYSTEM with this PoC. Once SYSTEM is achieved, the attacker has full control of the host: disable Defender, install rootkits, persist via scheduled tasks, dump credentials, or pivot to other systems on the network. Privileged-user workstations, VDI golden images, and developer machines with cached administrative credentials carry the highest blast radius. The May 2026 Patch Tuesday release, published the day before MiniPlasma went public, fixed 120 vulnerabilities; none addressed this regression. As of publication, Microsoft has not issued a new CVE for the 2026 weaponization or publicly acknowledged the regression.
This pattern, a Microsoft fix shipping and then being undone or never reaching production, has now surfaced in two consecutive months. Just three weeks ago, an incomplete patch for CVE-2026-32202 gave APT28 a zero-click authentication coercion vector: Microsoft's February fix for the underlying APT28 zero-day blocked the RCE path but left the credential-theft path open. Akamai researchers found that one during patch differential analysis. MiniPlasma is the same failure mode but more severe, because the entire fix is missing rather than an adjacent edge case.
Response and Attribution
Microsoft has not issued any public statement on MiniPlasma or the cldflt.sys regression as of May 18, 2026. There is no new CVE, no advisory in the MSRC update guide, and no formal mitigation guidance. The published PoC is on Nightmare-Eclipse's GitHub account; security researchers across multiple outlets have validated that it produces SYSTEM-context process spawns from interactive standard-user sessions. The researcher has not previously been documented as a threat actor; the alias appears to belong to a security researcher working in the public-disclosure tradition, much as Forshaw published the 2020 details once Microsoft's patch had shipped.
For defenders, this means there is no patch path today and no Microsoft-recommended mitigation. The cldflt.sys driver cannot be safely disabled on most systems without breaking OneDrive and the broader Cloud Files API surface. Detection, not prevention, is the workable response for the next several weeks: watch for the post-exploitation shape the PoC produces, a SYSTEM-context process appearing inside an interactive user's session.
The CyberSignal Analysis
Signal 01 — Silent Patch Regression Is Now a Documented Pattern
The MiniPlasma drop is the second incomplete-or-undone Microsoft patch this cycle. CVE-2026-32202, the APT28 incomplete-patch case, was the first; MiniPlasma is more severe because the regression appears total rather than partial. Defenders need to add patch-regression validation to their workflow: not only "did we apply the update" but "is the originally disclosed exploit primitive still functional against our hosts." Independent patch differential analysis used to be exotic; with two cases in three weeks, it is becoming an operational requirement. Long-lived OS privilege escalation flaws, as documented in the Linux 'Copy Fail' CVE-2026-31431 case and Pack2TheRoot, the 12-year-old PackageKit bug, are a category, not an anomaly, and "fully patched" no longer guarantees protection from bugs vendors disclosed years ago.
Signal 02 — Cloud Filter Driver Is an Under-Monitored Attack Surface
Cldflt.sys is one of those Windows components that ships on every endpoint, gets virtually no security telemetry from default EDR configurations, and underpins user-facing behavior (OneDrive placeholders) that operations teams rarely touch. That combination of broad presence, low telemetry, and a productive bug class is why the same code path produced a SYSTEM bug in 2020 and is producing one again in 2026. SOC teams should verify their EDR is capturing kernel events from Cloud Filter operations, build detection rules for unexpected SYSTEM-context process spawns originating from interactive sessions, and treat any cldflt.sys-related anomaly as a high-priority hunt for the next 60 to 90 days. In practice the spawn shows up in process-creation telemetry (Sysmon Event ID 1 records carry the user and the terminal session ID) rather than in anything the filter driver itself emits, so that is where the rule belongs. This is the same operational logic that applies to other novel Windows privilege escalation tradecraft such as PhantomRPC: when Microsoft declines to patch or hasn't patched yet, detection telemetry is the only working control.
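The detection logic the Response section and Signal 02 describe, written out as an added Python example that is not part of the article and not code from Nightmare-Eclipse or Microsoft. It consumes Sysmon Event ID 1 (ProcessCreate) records in the Key: Value layout Sysmon renders and flags a process running as NT AUTHORITY\SYSTEM inside an interactive session (TerminalSessionId other than 0), raising severity when the parent belongs to a non-SYSTEM user. The sample records, the parent path, and the short allowlist of binaries Windows itself runs as SYSTEM in a user session are constructed assumptions for illustration; the allowlist in particular must be tuned against your own fleet.

```python
"""Hunt for SYSTEM-context process creation inside an interactive user session.

Input: Sysmon Event ID 1 records as 'Key: Value' lines, one blank line between
events (the layout Sysmon renders in the event message). SYSTEM normally lives
in session 0; a SYSTEM cmd.exe in session 1+ whose parent is a standard user's
process is the shape a local privilege escalation leaves behind.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

SYSTEM_ACCOUNT = r"nt authority\system"

# Binaries Windows legitimately runs as SYSTEM inside each user's session.
# Constructed baseline for this example; extend it from your own telemetry.
SESSION_SYSTEM_BASELINE = {
    r"c:\windows\system32\winlogon.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\logonui.exe",
    r"c:\windows\system32\consent.exe",
}


@dataclass
class Alert:
    severity: str
    image: str
    parent_image: str
    session: str
    reason: str


def parse_sysmon_text(blob: str) -> List[Dict[str, str]]:
    """Split a blank-line-separated Sysmon message dump into one dict per event."""
    events: List[Dict[str, str]] = []
    for chunk in blob.strip().split("\n\n"):
        fields: Dict[str, str] = {}
        for line in chunk.strip().splitlines():
            # partition on the first colon only: values such as C:\... keep theirs
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def is_system(account: str) -> bool:
    return account.strip().lower() == SYSTEM_ACCOUNT


def evaluate(ev: Dict[str, str]) -> Optional[Alert]:
    """Apply the rule to one ProcessCreate event; None means no finding."""
    if ev.get("EventID", "1") != "1" or not is_system(ev.get("User", "")):
        return None
    session = ev.get("TerminalSessionId", "0")
    if session == "0":
        return None  # services session: SYSTEM is expected here
    if ev.get("Image", "").lower() in SESSION_SYSTEM_BASELINE:
        return None
    parent_user = ev.get("ParentUser", "")  # present on newer Sysmon builds
    if parent_user and not is_system(parent_user):
        sev = "high"
        why = f"SYSTEM child of non-SYSTEM parent {parent_user} in session {session}"
    else:
        sev = "medium"
        why = f"unlisted SYSTEM process in interactive session {session}"
    return Alert(sev, ev.get("Image", ""), ev.get("ParentImage", ""), session, why)


def detect(blob: str) -> List[Alert]:
    return [a for a in (evaluate(ev) for ev in parse_sysmon_text(blob)) if a]


# Constructed sample events (not real telemetry): two benign SYSTEM spawns, one
# ordinary user process, one high-severity hit, one medium hit without ParentUser.
SAMPLE_EVENTS = r"""
EventID: 1
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\SYSTEM
TerminalSessionId: 0
ParentImage: C:\Windows\System32\services.exe
ParentUser: NT AUTHORITY\SYSTEM

EventID: 1
Image: C:\Windows\System32\winlogon.exe
User: NT AUTHORITY\SYSTEM
TerminalSessionId: 1
ParentImage: C:\Windows\System32\smss.exe
ParentUser: NT AUTHORITY\SYSTEM

EventID: 1
Image: C:\Windows\System32\notepad.exe
User: CORP\alice
TerminalSessionId: 1
ParentImage: C:\Windows\explorer.exe
ParentUser: CORP\alice

EventID: 1
Image: C:\Windows\System32\cmd.exe
User: NT AUTHORITY\SYSTEM
TerminalSessionId: 1
ParentImage: C:\Users\alice\Desktop\poc.exe
ParentUser: CORP\alice

EventID: 1
Image: C:\Windows\System32\cmd.exe
User: NT AUTHORITY\SYSTEM
TerminalSessionId: 2
ParentImage: C:\Windows\explorer.exe
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.image} <- {a.parent_image}: {a.reason}")
```

The medium tier exists because older Sysmon configurations omit ParentUser; the session check alone still fires, and the analyst pivots on ParentImage by hand. Localized Windows builds render the SYSTEM account name differently, so a production rule should key on the S-1-5-18 SID where the log source provides one (Security event 4688 does; Sysmon Event ID 1 does not).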
Signal 03 — AI-Assisted Bug Rediscovery Just Made This Worse
Nightmare-Eclipse appears to have rediscovered the regression through manual analysis of the 2020 PoC against current binaries, the old-fashioned method. The new method, AI-assisted vulnerability discovery at vendor scale such as Microsoft's own MDASH and Palo Alto's Mythos, means future regressions like this will surface much faster. The asymmetric exposure is straightforward: every prior CVE in Microsoft's history is a candidate for re-testing against current binaries with a competent AI system. Defenders should expect the population of "silently undone" patches to grow as the AI discovery population grows, and should build patch-regression validation into their stack now, before the volume gets larger. The cost of regression failures has its own recent precedent on the Defender side, and the pattern is converging across the vendor's product stack.