A newly uncovered security flaw in Windows, known as MiniPlasma, is exposing systems to potential attacks by granting SYSTEM privileges to unauthorized users. This significant vulnerability targets the ‘cldflt.sys’ component, specifically within the ‘HsmOsBlockPlaceholderAccess’ routine, and affects fully patched Windows systems. The flaw, first reported by Google Project Zero’s James Forshaw in September 2020, has resurfaced despite being previously addressed.
Unresolved Security Threat
MiniPlasma, identified by security researcher Chaotic Eclipse, sheds light on a critical oversight in Windows security. Originally believed to be patched under CVE-2020-17103 in December 2020, new findings indicate that the issue remains unresolved. Chaotic Eclipse has demonstrated the vulnerability through a proof-of-concept (PoC) exploit, raising concerns about the effectiveness of past patches.
The PoC, which successfully executes a SYSTEM shell, highlights the persistent nature of this vulnerability. Chaotic Eclipse noted the exploit’s reliability, although it operates as a race condition, meaning the success rate may vary across different setups.
Impact Across Windows Versions
The MiniPlasma vulnerability is believed to affect all versions of Windows currently in use. Security researcher Will Dormann confirmed its effectiveness on Windows 11 systems updated as of May 2026, though it appears ineffective on the latest Insider Preview Canary builds. This broad impact underscores the need for immediate attention to patch this flaw.
The revelation of MiniPlasma comes on the heels of another privilege escalation issue in the same component addressed by Microsoft in December 2025. Known as CVE-2025-62221, this flaw had a significant CVSS score of 7.8 and was actively exploited by unidentified threat actors, further emphasizing the need for robust security measures.
Outlook and Recommendations
As security experts analyze the MiniPlasma flaw, it is crucial for organizations and individuals running Windows systems to remain vigilant. Microsoft is expected to deliver a comprehensive fix to mitigate this vulnerability, but users should stay informed about updates and advisories from credible sources.
This incident highlights the ongoing challenges in cybersecurity, emphasizing the importance of continuous monitoring and timely patch management to safeguard against evolving threats.
