A researcher known as Chaotic Eclipse has released the MiniPlasma proof-of-concept exploit, claiming it can still gain SYSTEM privileges on fully patched Windows 11 systems through the cldflt.sys Cloud Filter driver. The disclosure adds to a series of recent Windows zero-days from the same researcher, including BlueHammer, RedSun, YellowKey, and GreenPlasma.
Key points
- MiniPlasma is a Windows privilege escalation zero-day that can grant SYSTEM access.
- The exploit targets the cldflt.sys Cloud Filter driver and the HsmOsBlockPlaceholderAccess routine.
- Chaotic Eclipse published both source code and a compiled exploit on GitHub.
- Researchers confirmed the exploit works on fully patched Windows 11 systems, but not on the latest Canary build.
- MiniPlasma is part of a broader wave of Windows zero-day disclosures from Chaotic Eclipse.