MiniPlasma SYSTEM LPE on patched Windows 11: cldflt.sys CVE-2020-17103 reappears
TL;DR
Last updated May 19, 2026
| Item | Detail |
|---|---|
| What it hits | Windows Cloud Files Mini Filter Driver cldflt.sys, specifically the HsmOsBlockPlaceholderAccess routine |
| Reach | Windows 11, with “all Windows versions likely affected” per the researcher |
| Reproduces on | Fully patched Windows 11 with May 2026 update; reaches a SYSTEM shell (confirmed by Will Dormann) |
| Fails on | Latest Windows 11 Insider Preview Canary build |
| CVE status | No new CVE. The bug is the same one tracked as CVE-2020-17103, supposedly fixed in December 2020 |
| Reliability | Race condition; success rate varies between runs |
| Timeline | James Forshaw (Google Project Zero) reported it in September 2020. Microsoft shipped a patch as CVE-2020-17103 in December 2020. The same bug resurfaced in May 2026. |
| Related CVE | CVE-2025-62221, another cldflt.sys flaw at CVSS 7.8, exploited in the wild by unknown threat actors in December 2025 |
| PoC | github.com/Nightmare-Eclipse/MiniPlasma (public) |
One day after dropping YellowKey and GreenPlasma, researcher Chaotic Eclipse (Nightmare-Eclipse on GitHub) released MiniPlasma.
The claim: CVE-2020-17103 in the Windows Cloud Files Mini Filter Driver, supposedly patched by Microsoft in December 2020, is still the same exploitable bug five years later. The PoC pops a SYSTEM shell on a fully patched Windows 11 with the May 2026 update applied.
Reading the coverage in The Hacker News and Bleeping Computer side by side, the part worth pausing on is the timeline. In December 2025, a different flaw in the same driver — CVE-2025-62221 — was exploited in the wild by unknown threat actors. Right after that, the original CVE-2020-17103 turned out to be reachable again.
The patch never went away on paper, but the underlying bug walked back into the binary.
Timeline: CVE-2020-17103 to MiniPlasma
| When | What |
|---|---|
| 2020-09 | James Forshaw (Google Project Zero) reports a cldflt.sys privilege escalation bug to Microsoft |
| 2020-12-09 | Microsoft patches it as CVE-2020-17103 in December Patch Tuesday, CVSS 7.8 (NIST) |
| 2025-12 | A separate flaw in the same cldflt.sys, CVE-2025-62221, is exploited in the wild by unknown threat actors and patched by Microsoft |
| 2026-04 | Chaotic Eclipse publishes BlueHammer / RedSun / UnDefend in succession |
| 2026-05-12 | Microsoft May 2026 Patch Tuesday |
| 2026-05-13 | YellowKey (BitLocker bypass) and GreenPlasma (CTFMON LPE) hit GitHub |
| 2026-05-18 | The Hacker News and Bleeping Computer report on MiniPlasma; PoC public on GitHub |
NVD’s CVE-2020-17103 entry now shows “Last Modified 2026-05-18”, which lines up with the MiniPlasma disclosure and suggests the entry is being reassessed.
What is actually happening inside cldflt.sys
cldflt.sys (Cloud Files Mini Filter Driver) is the filter driver behind “files that live in the cloud but look local,” primarily used by OneDrive.
When a user double-clicks a file whose contents only exist in the cloud, the driver replaces the placeholder (a thin file that holds a reference to the real data rather than the data itself) with the actual content.
The routine in question is HsmOsBlockPlaceholderAccess, which gates access to those placeholders.
There is a race window between the access check and the actual access. An attacker thread that slips into that window can have the SYSTEM context act on attacker-controlled content — that is MiniPlasma’s claim.
The researcher notes that “success rate may vary since it’s a race condition,” so this is the kind of bug that can fail to fire depending on the environment. That said, a full-chain PoC reaching a SYSTEM shell is already on GitHub.
```mermaid
graph TD
A[Non-privileged user<br/>accesses a file via cldflt] --> B[HsmOsBlockPlaceholderAccess<br/>performs ACL check]
B --> C[Race window<br/>between check and actual access]
C --> D[Attacker thread<br/>swaps the placeholder backing file]
D --> E[SYSTEM context<br/>processes the swapped file]
E --> F[Arbitrary code execution / SYSTEM shell]
```
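The check-then-use window the article describes, shown as an added example rather than code from cldflt.sys or from the MiniPlasma PoC: a gate that decides on a path name and then re-opens that name, beside a gate that opens once and checks the object it actually opened. The `between_check_and_use` hook stands in for the race window so the run is deterministic instead of timing-dependent; the directory layout, the file contents and the link swap are all constructed for the illustration.

```python
"""Check-then-use on a file name versus check-on-the-opened-handle.

Added illustration of the race shape the article describes. Not code from
cldflt.sys or MiniPlasma: the hook `between_check_and_use` is a constructed
stand-in for the window another thread would hit non-deterministically.
"""
import os
import tempfile


def gate_by_path(path, allowed_dir, between_check_and_use=lambda: None):
    """Vulnerable shape: decide on the name, then act on the name again."""
    # 1. Access check: after resolving links, is the target inside allowed_dir?
    resolved = os.path.realpath(path)
    allowed_prefix = os.path.join(os.path.realpath(allowed_dir), "")
    if not resolved.startswith(allowed_prefix):
        raise PermissionError(path)
    # 2. The window: nothing ties the decision to the object it was made about.
    between_check_and_use()
    # 3. Use: the name is resolved a second time and may now point elsewhere.
    with open(path, "rb") as fh:
        return fh.read()


def gate_by_handle(path, allowed_dir, between_check_and_use=lambda: None):
    """Hardened shape: open once, check the opened object, read from that handle."""
    fd = os.open(path, os.O_RDONLY)
    try:
        opened = os.fstat(fd)  # identity (device, inode) of what was really opened
        allowed = set()
        for root, _dirs, files in os.walk(allowed_dir):
            for name in files:
                st = os.stat(os.path.join(root, name))
                allowed.add((st.st_dev, st.st_ino))
        if (opened.st_dev, opened.st_ino) not in allowed:
            raise PermissionError(path)
        between_check_and_use()  # same window, but the fd cannot be re-pointed
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demonstrate():
    """Run both gates through a deterministic link swap; returns (vulnerable, hardened)."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed_dir = os.path.join(tmp, "allowed")
        secret_dir = os.path.join(tmp, "secret")
        os.makedirs(allowed_dir)
        os.makedirs(secret_dir)
        ok = os.path.join(allowed_dir, "ok.txt")
        secret = os.path.join(secret_dir, "secret.txt")
        with open(ok, "wb") as fh:
            fh.write(b"harmless")
        with open(secret, "wb") as fh:
            fh.write(b"SECRET")
        link = os.path.join(tmp, "link")

        def swap_link():
            # What lands in the window: the same name now points at another object.
            os.remove(link)
            os.symlink(secret, link)

        os.symlink(ok, link)
        vulnerable = gate_by_path(link, allowed_dir, swap_link)

        os.remove(link)
        os.symlink(ok, link)
        hardened = gate_by_handle(link, allowed_dir, swap_link)
        return vulnerable, hardened


if __name__ == "__main__":
    print(demonstrate())
```

The path-based gate returns the contents of the file the check never approved; the handle-based gate keeps reading the object it validated, because a swap of the name after `os.open` has no effect on the descriptor. That is the general property a kernel-side placeholder gate needs as well: the decision and the action have to refer to the same object, not the same name.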
The “works on fully patched Windows 11 May 2026” / “does not work on the latest Insider Preview Canary” observation comes from Will Dormann at Tharros, who reproduced it independently. Will Dormann also verified BlueHammer, YellowKey, and GreenPlasma, and has effectively become the fact-checking anchor for the Chaotic Eclipse series.
The fact that Canary blocks it is a sign that Microsoft has a fix in motion somewhere internally. No new CVE assignment or advisory exists publicly at this point.
The same driver has broken twice in six months
MiniPlasma is not the first recent crack in cldflt.sys.
| CVE | Disclosed | Summary | Exploitation |
|---|---|---|---|
| CVE-2020-17103 | 2020-12 | Race in HsmOsBlockPlaceholderAccess | Was thought to be patched |
| CVE-2025-62221 | 2025-12 | Different flaw in the same cldflt.sys, CVSS 7.8 | Exploited in the wild, unknown threat actors |
| MiniPlasma | 2026-05 | Same routine as CVE-2020-17103, returned | Public PoC, no known in-the-wild use yet |
At the driver level, the last six months have produced a re-emergence of a previously patched bug, in-the-wild exploitation of a second flaw, and a public PoC. cldflt.sys ships in any OneDrive environment, which is the default configuration, so the affected install base is broad.
The CVE-2025-62221 in-the-wild use matters here. It tells us cldflt.sys is already on the radar of APT-grade attackers as a place to land payloads. MiniPlasma isn’t opening a new path into the driver — it’s the December 2020 fix having regressed. That’s the part that should be unsettling.
Where MiniPlasma fits in the Chaotic Eclipse run
MiniPlasma extends the run of Windows zero-days that Chaotic Eclipse (a.k.a. Nightmare-Eclipse) has been publishing since April.
| Released | Bug | Target | Status |
|---|---|---|---|
| 2026-04 | BlueHammer | Windows Defender LPE | CVE-2026-33825, patched in April |
| 2026-04 | RedSun | Defender family | Researcher claims silent patch |
| 2026-04 | UnDefend | Defender family | Details not public |
| 2026-05-13 | YellowKey | BitLocker bypass | Unpatched |
| 2026-05-13 | GreenPlasma | CTFMON LPE | Unpatched |
| 2026-05-18 | MiniPlasma | cldflt.sys LPE | Unpatched (an incomplete-patch story for CVE-2020-17103) |
On May 13 the researcher teased a “big surprise” for the June Patch Tuesday cycle. Whether MiniPlasma is that surprise or whether something else is still queued is unclear today.
BlueHammer hit the Cloud Files API + VSS interaction; MiniPlasma hits cldflt.sys directly. Either way, the Cloud Files surface is clearly something the researcher keeps probing.
The frustration around RedSun’s silent patch (closed inside the May update without an advisory or CVE, according to the researcher) is the stated motivation for this run. Microsoft has not responded publicly so far.
Scope and what to actually do
MiniPlasma by itself is a local privilege escalation, not an initial-access vector. It assumes the attacker can already run code as a standard user.
That said, cldflt.sys is resident wherever OneDrive is in play, which is most of the Windows install base.
| Angle | Concrete action |
|---|---|
| Detection | Check whether EDR can catch placeholder access through cldflt.sys followed shortly by a high-privilege process starting up |
| OneDrive footprint | Disable Cloud Files sync on machines that don’t actually need it, or scope it to specific users |
| Initial-access controls | An LPE gives an attacker nothing without code execution as a user first, so harden the layers that stop phishing- and supply-chain-driven RCEs |
| Patch Tuesday watch | Watch June Patch Tuesday (scheduled 2026-06-09) for a new cldflt.sys CVE. Canary blocking it points to a likely June fix |
| Insider Preview | If you can run a non-production Canary build, comparing its behavior here gives you a preview of what June’s release is likely to ship |
Placeholder activity under OneDrive is noisy in normal operation, so cldflt.sys telemetry on its own is not a clean signal. Pair it with what follows — lsass access, new SYSTEM-context processes — to make detection actually work.
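One way to build the pairing recommended above, as an added example that is not from the article or from any named EDR product: a correlator that stays quiet on placeholder activity alone and only raises when a SYSTEM-context process with an unexpected parent, or an interactive shell image, starts within a short window after non-SYSTEM placeholder access. The log lines and their `key=value|key=value` layout are constructed for the illustration; the event names `placeholder_access` and `process_create`, the parent `poc.exe` and the field names are assumptions that would have to be mapped onto the file-filter and process-creation telemetry a given EDR actually exposes.

```python
"""Pair cldflt placeholder activity with a following SYSTEM-context process start.

Added example, not from the article or any EDR product. The event names, the
key=value|key=value line layout and the sample lines are constructed.
"""
from datetime import datetime, timedelta

SYSTEM_ACCOUNT = r"NT AUTHORITY\SYSTEM"
# Parents that legitimately spawn SYSTEM processes all day; their children are
# only interesting when the child is an interactive shell.
EXPECTED_SYSTEM_PARENTS = {"services.exe", "wininit.exe", "svchost.exe", "smss.exe", "csrss.exe"}
INTERACTIVE_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Constructed sample: ordinary OneDrive hydration noise from alice, routine
# service activity, then a SYSTEM cmd.exe whose parent is a user process.
SAMPLE_LOG = [
    r"ts=2026-05-18T09:00:01|event=placeholder_access|user=CORP\alice|path=C:\Users\alice\OneDrive\q1.xlsx",
    r"ts=2026-05-18T09:00:02|event=placeholder_access|user=CORP\alice|path=C:\Users\alice\OneDrive\q2.xlsx",
    r"ts=2026-05-18T09:00:03|event=process_create|user=NT AUTHORITY\SYSTEM|image=C:\Windows\System32\svchost.exe|parent=services.exe",
    r"ts=2026-05-18T09:00:04|event=placeholder_access|user=CORP\alice|path=C:\Users\alice\OneDrive\notes.docx",
    r"ts=2026-05-18T09:12:40|event=placeholder_access|user=CORP\alice|path=C:\Users\alice\OneDrive\x.tmp",
    r"ts=2026-05-18T09:12:41|event=placeholder_access|user=CORP\alice|path=C:\Users\alice\OneDrive\x.tmp",
    r"ts=2026-05-18T09:12:43|event=process_create|user=NT AUTHORITY\SYSTEM|image=C:\Windows\System32\cmd.exe|parent=poc.exe",
]


def parse_line(line):
    """Turn one constructed log line into a dict; ts becomes a datetime."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def correlate(lines, window=timedelta(seconds=10)):
    """Return one alert per suspicious SYSTEM process start that follows
    non-SYSTEM placeholder access inside `window`. Placeholder access on its
    own never alerts; that is the noise the article warns about."""
    recent = []   # non-SYSTEM placeholder accesses still inside the window
    alerts = []
    for ev in (parse_line(l) for l in lines if l.strip()):
        # Age out placeholder events that are older than the window.
        recent = [p for p in recent if ev["ts"] - p["ts"] <= window]
        if ev["event"] == "placeholder_access":
            if ev["user"].upper() != SYSTEM_ACCOUNT:
                recent.append(ev)
            continue
        if ev["event"] != "process_create" or ev["user"].upper() != SYSTEM_ACCOUNT:
            continue
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        parent = ev["parent"].lower()
        if parent in EXPECTED_SYSTEM_PARENTS and image not in INTERACTIVE_IMAGES:
            continue  # normal service machinery; nearby placeholder noise is coincidence
        if recent:
            alerts.append({
                "ts": ev["ts"].isoformat(),
                "image": image,
                "parent": parent,
                "placeholder_hits": len(recent),
                "users": sorted({p["user"] for p in recent}),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample, alice's three hydrations at 09:00 produce nothing even though a SYSTEM svchost.exe starts right after them, because services.exe spawning svchost.exe is expected; the cmd.exe at 09:12:43 with a user process as parent, two seconds after placeholder access from the same user, is the one event that fires. Tune `window` and the two allowlists to the host's baseline before trusting it in production.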