VYPR
Research · Published May 17, 2026 · Updated May 18, 2026 · 3 sources

New Windows 'MiniPlasma' Zero-Day Exploit Grants SYSTEM Access

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems.

A cybersecurity researcher has released a proof-of-concept (PoC) exploit for a previously undisclosed privilege escalation vulnerability in Windows, currently dubbed "MiniPlasma." The exploit allows an attacker with low-level access to elevate their privileges to SYSTEM, the highest level of authority on a Windows machine.

The vulnerability affects fully patched Windows systems, indicating a significant security gap that bypasses existing protections. By leveraging the MiniPlasma exploit, an attacker can execute arbitrary code with full administrative control, potentially leading to complete system compromise, data theft, or the installation of persistent malware.

While the PoC is now public, details regarding the specific Windows components targeted by MiniPlasma remain limited. Users and administrators are advised to monitor official channels for security updates from Microsoft. In the absence of an official patch, organizations should implement the principle of least privilege and restrict access to sensitive system areas to minimize the potential impact of such privilege escalation attacks. (Source: BleepingComputer)

The PoC, released by researcher Chaotic Eclipse, targets the cldflt.sys driver (Cloud Files Mini Filter Driver) and follows the same researcher's previous disclosures of YellowKey and GreenPlasma flaws. While the exploit grants SYSTEM privileges on fully patched Windows systems, no CVE identifier has been assigned yet, and Microsoft has not issued an official advisory or patch. The vulnerability adds to a growing list of Windows kernel zero-days disclosed without coordinated vendor response.

The SecurityWeek report adds that the MiniPlasma exploit leverages original proof-of-concept code targeting a Windows vulnerability first disclosed in 2020, which Microsoft has never patched. The exploit poses a risk of local privilege escalation or remote code execution depending on the specific CVE, and the researcher's public release increases the urgency for organizations to apply mitigations or workarounds.

Synthesized by Vypr AI