MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
MiniPlasma zero-day in Windows cldflt.sys driver enables SYSTEM privilege escalation on fully patched Windows 11 systems — no Microsoft patch available yet.
What’s new: A newly disclosed Windows zero-day vulnerability, codenamed MiniPlasma, allows attackers to escalate privileges to SYSTEM on fully patched Windows systems. The flaw resides in the “cldflt.sys” driver and was originally reported to Microsoft in September 2020. Despite being thought to be patched, it remains unaddressed, allowing exploitation via a proof-of-concept released by security researcher Chaotic Eclipse.
Who’s affected
All versions of Windows are likely affected by this vulnerability, including the latest Windows 11 systems running the May 2026 updates. The exploit has been confirmed to work reliably on these systems.
What to do
- Monitor for updates from Microsoft regarding a patch for the MiniPlasma vulnerability.
- Consider implementing additional security measures to limit access to sensitive systems until a fix is available.
- Review and apply any relevant security configurations to mitigate potential exploitation.
