VulnerabilityBleeping Computer
7.8 — HIGH
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A Windows zero-day exploit, 'MiniPlasma', has been discovered that grants SYSTEM access on fully patched systems, highlighting a potential vulnerability in Microsoft's patching process. The researcher behind the disclosure, Chaotic Eclipse, is protesting Microsoft's bug bounty and vulnerability-handling process.
⚙️Technical Details
💥Impact Assessment
Severity: High
🛡️Recommended Actions
1Apply the latest security patches to all affected systems
2Monitor system logs for suspicious activity related to the Cloud Filter driver
3Implement additional access controls and restrictions on registry key creation
📦Affected Products
Microsoft Windows 10Microsoft Windows Server 2016Microsoft Windows Server 2019Microsoft Defender Antimalware Platform
🔐NVD Verified DataVERIFIED
CVE-2020-17103 ↗CVSS 7 — HIGH
Attack Vector
LOCAL
Complexity
HIGH
Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-269
Affected Products (CPE)
Microsoft Windows 10Microsoft Windows Server 2016Microsoft Windows Server 2019
CVE-2026-33825 ↗CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-1220
Affected Products (CPE)
Microsoft Defender Antimalware Platform
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.