Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Windows Flaw Allows SYSTEM Access: MiniPlasma Zero-Day

Critical Windows Flaw Allows SYSTEM Access: MiniPlasma Zero-Day

Posted on May 18, 2026 By CWS

A newly discovered Windows zero-day vulnerability, named ‘MiniPlasma’, poses a significant threat by granting SYSTEM-level access on fully updated Windows systems. This security flaw has surfaced with a public exploit, drawing considerable attention from the cybersecurity community.

Discovery and Release of MiniPlasma Exploit

The exploit was made public by security researcher Nightmare-Eclipse on GitHub on May 13, 2026. The researcher claims that Microsoft either overlooked or reversed a previous fix for a vulnerability initially identified six years prior. The issue targets the Cloud Filter driver’s HsmOsBlockPlaceholderAccess function, originally reported by Google Project Zero’s James Forshaw in September 2020.

Microsoft had assigned CVE-2020-17103 to the flaw, with a supposed fix implemented during the December 2020 Patch Tuesday updates. Despite this, the flaw remains exploitable, as demonstrated by the unmodified proof-of-concept code, leaving systems vulnerable until at least the next scheduled patch release.

Technical Details of the MiniPlasma Vulnerability

The vulnerability allows arbitrary registry key creation in the .DEFAULT user hive without proper access checks. According to Google Project Zero, this occurs due to the HsmOsBlockPlaceholderAccess function’s failure to implement the OBJ_FORCE_ACCESS_CHECK flag, enabling attackers to bypass standard access controls.

The exploit leverages a race condition, alternating between user and anonymous tokens, to manipulate the RtlOpenCurrentUser function in the kernel. Successful execution results in unauthorized registry key creation within the .DEFAULT hive, granting SYSTEM-level privileges to attackers.

Impact and Response to the MiniPlasma Threat

Nightmare-Eclipse’s proof-of-concept highlights the ease with which the exploit can be executed on multi-core systems, effectively granting SYSTEM access from standard user accounts. The Cloud Filter driver, integral to services like OneDrive, means the vulnerability impacts a wide range of Windows installations, presenting a significant risk to enterprises and cloud environments.

Organizations are advised to closely monitor Microsoft’s security updates and prepare to implement patches promptly once available. With the exploit code publicly accessible, the urgency to mitigate potential attacks is heightened.

Stay updated with the latest security developments by following us on Google News, LinkedIn, and X. Ensuring your systems are protected against emerging threats like MiniPlasma is crucial in maintaining robust cybersecurity defenses.

Cyber Security News Tags:Cloud Filter driver, Cybersecurity, Exploit, GitHub, Google Project Zero, Microsoft, MiniPlasma, Patch Tuesday, SYSTEM access, Windows security, zero-day vulnerability

Post navigation

Previous Post: Shai-Hulud Worm Clones Spark New Cybersecurity Threats
Next Post: Four NPM Packages Found with Malware and DDoS Bot

Related Posts

Major MOVEit Security Flaw Prompts Urgent Software Update Major MOVEit Security Flaw Prompts Urgent Software Update Cyber Security News
Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier Cyber Security News
Critical Flowise AI Vulnerability Exploited in Cyber Attacks Critical Flowise AI Vulnerability Exploited in Cyber Attacks Cyber Security News
GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack Cyber Security News
Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users Tsundere Botnet Abusing Popular Node.js and Cryptocurrency Packages to Attack Windows, Linux, and macOS Users Cyber Security News
Tenable Confirms Data Breach – Hackers Accessed Customers Contact Details Tenable Confirms Data Breach – Hackers Accessed Customers Contact Details Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Fake Installers Deploy SharkLoader Malware in Networks
  • Critical Vulnerabilities in FatFs Impact Millions of Devices
  • Hackers Exploit Blogspot and PowerShell for Data Theft
  • Critical Linux Kernel Bug Allows Unauthorized Root Access
  • Nebula’s AI-Powered Security Tool Revolutionizes Testing

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark