A cybersecurity researcher has unveiled an exploit aimed at a Windows vulnerability first identified in 2020, raising concerns that it remains unpatched. The flaw, known as CVE-2020-17103, has a CVSS score of 7.0 and involves a privilege escalation issue within the Windows Cloud Filter driver.
Background on the Vulnerability
Google’s Project Zero researchers initially reported this vulnerability, prompting Microsoft to issue fixes as part of its December 2020 Patch Tuesday updates. The vulnerability allows for registry key manipulation through an undocumented API within the Windows Cloud Filter driver. This can potentially enable an attacker to escalate privileges and execute code with SYSTEM privileges.
The exploit, dubbed MiniPlasma, was recently released by a researcher who goes by the aliases Chaotic Eclipse and Nightmare Eclipse. It takes advantage of the security flaw to spawn a SYSTEM shell, indicating that the issue may not have been adequately patched or that previous fixes were reversed.
Researcher’s Findings and Concerns
According to Chaotic Eclipse, the proof-of-concept code initially provided by Project Zero remains effective, suggesting that the vulnerability persists unpatched. The researcher has also released exploits for other vulnerabilities in Microsoft products, expressing dissatisfaction with Microsoft’s handling of vulnerability disclosures.
Senior principal vulnerability analyst at Tharros Labs, Will Dormann, confirmed that MiniPlasma functions on Windows 11 systems with the May 2026 updates installed. However, it does not seem to be effective on the latest Insider Preview Canary version of Windows 11.
Implications and Future Outlook
The release of such an exploit underscores the importance of timely and thorough patching by software vendors. With the exploit now public, systems running affected Windows versions could be at increased risk. Microsoft has been contacted for comment but has not yet responded. Observers are watching closely for any updates or further developments from the company.
This incident highlights the ongoing challenges in cybersecurity, particularly the need for proactive measures in addressing vulnerabilities. As the situation evolves, stakeholders are urged to remain vigilant and ensure all systems are up to date with the latest security patches.
