PatchDay Alert
Analysis · Commentary · By Colten Anderson · 7 min read · 1,334 words

Microsoft patched a SYSTEM bug in 2020. It still works in 2026.

A pseudonymous researcher published MiniPlasma, a working PoC for CVE-2020-17103, and the only thing standing between you and a SYSTEM shell is a driver you cannot turn off.

A working proof-of-concept for a 2020 Windows elevation-of-privilege bug now opens a SYSTEM shell on a fully patched Windows 11 box, and the vulnerable driver is the same one OneDrive needs to function. That is the situation as of this week. Microsoft says it is “investigating.” The earliest plausible fix is the June 10 Patch Tuesday cycle.

The exploit is called MiniPlasma. It was dropped to GitHub on or around May 13, 2026 by a researcher operating under the alias Chaotic Eclipse, one day after May Patch Tuesday. The bug it weaponizes is CVE-2020-17103, an elevation-of-privilege flaw in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that Microsoft marked fixed on December 10, 2020. Reporters at Bleeping Computer, SecurityWeek, and The Hacker News each ran the binary as a standard user on a Windows 11 Pro host carrying the May 2026 updates (KB5089549) and watched a SYSTEM prompt open. Per The Hacker News, the original Project Zero PoC code from 2020 runs unmodified against current Windows 11.

The researcher’s own framing of the situation, quoted by SecurityWeek, is the cleanest statement of the problem: “I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons.”

A “fixed” bug that was never fixed

The MSRC advisory for CVE-2020-17103 is the kind of artifact security teams treat as closed. Advisory published. CVSS set at 7.8. CWE-269, improper access control. Fix shipped in the December 2020 cumulative. The case sits in the queue as resolved for five and a half years, while Windows ships hundreds of subsequent cumulative updates and a major OS version transition. Then a stranger compiles 2020’s exploit code against 2026’s binaries and it still works.

There are three possibilities. The fix was incomplete from day one and nobody noticed because nobody re-tested. A later Windows build regressed it. Someone inside Microsoft rolled it back on purpose. The researcher does not know which. Neither does Microsoft, judging by the silence. Security Affairs notes that no new CVE has been opened and no MSRC advisory has appeared for the regression as of disclosure. The May 2026 release notes for KB5089549 carried a vague “defense-in-depth update” line for the Cloud Files driver that researchers are now reading as a quiet acknowledgment, which is not the same thing as a fix.

For the operator, the cause does not matter much. The system is exploitable. The advisory page that you used to mark this risk closed in your tracking system is wrong, and has been wrong for years.

One driver, four CVEs, four bug classes

A single bug is an accident. The pattern around cldflt.sys is something else.

  • CVE-2020-17103 (December 2020): improper access control, CVSS 7.8. The one MiniPlasma exploits.
  • CVE-2023-36696 (December 2023): out-of-bounds read, CVSS 7.8.
  • CVE-2025-55680 (October 2025): TOCTOU race condition, CVSS 7.8. Exodus Intelligence’s writeup describes a window between filename validation and file creation that lets an attacker write into C:\Windows\System32.
  • CVE-2026-34337 (May 2026): use-after-free, CVSS 7.8. Patched the same Patch Tuesday immediately preceding MiniPlasma’s release.

Four CVEs, four distinct bug classes, four separate patch dates, all in one kernel minifilter. A different cldflt.sys bug, CVE-2025-62221, was exploited in the wild in December 2025. This is not bad luck. It is a component that keeps shipping the same category of failure across years and a major OS version, in code that runs in the kernel and cannot be turned off on any machine that uses cloud sync.

The driver’s centrality is the problem. cldflt.sys is what makes OneDrive’s Files On-Demand work. Dropbox, Google Drive’s Windows integration, and SharePoint libraries all register against the same Cloud Filter API. You cannot remove it from a consumer or enterprise Windows install without breaking the cloud sync features that the same vendor sells you in the next breath. Any kernel bug in this driver inherits that blast radius for free.

What you can actually do this week

Running fltmc unload cldflt from an elevated prompt stops the driver immediately. It also breaks OneDrive sync. On server-class hosts where nobody is running OneDrive, that is a reasonable short-term move. On a managed workstation fleet, it is not, and any vendor or consultant suggesting you do it across your endpoints has not thought it through.

That leaves detection and local-access hygiene. The good news, such as it is, is that MiniPlasma leaves a legible footprint. The exploit writes to \Registry\User\Software\Policies\Microsoft\CloudFiles\BlockedApps* and \Registry\User\.DEFAULT\Volatile Environment*, and it creates a named pipe artifact called MiniPlasmaWERPipe. ThreatLocker published a community detection policy (TL.REG.1747) on May 18, 2026 that keys on the registry artifact. Process-lineage rules that flag a SYSTEM-integrity shell whose parent is a standard-user session catch the obvious case.
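The following script is an added example, not code from the article, from Chaotic Eclipse, from ThreatLocker or from any EDR vendor. It turns the three indicators above (driver state, the two registry locations, the named pipe) plus the process-lineage rule into a single read-only hunt for one host. The indicator strings are exactly as the article quotes them; the function names, the assumption that the kernel-style \Registry\User path maps to HKEY_USERS from user mode, and the output shape are this example's own. A hit is a lead to review, not a verdict, and a recompiled variant with the pipe or key names changed walks past the string matches, which is the same limitation the article flags for the vendor rules.

```powershell
# Added example: read-only hunt for the MiniPlasma artifacts named in the article.
# Run from an elevated PowerShell prompt. Nothing here changes host state; the
# article's own mitigation (fltmc unload cldflt) is deliberately not invoked.

# 1. Driver state. fltmc needs elevation; a failed call must not read as "not loaded".
function Get-CldfltState {
    $rows = @(fltmc.exe filters 2>$null)
    if ($LASTEXITCODE -ne 0) { throw 'fltmc failed; run this from an elevated prompt' }
    $loaded = @($rows | Where-Object { $_ -match '^\s*cldflt\b' }).Count -gt 0
    [pscustomobject]@{ Driver = 'cldflt'; Loaded = $loaded }
}

# 2. Registry artifacts. Assumption: \Registry\User\... in kernel naming is
#    HKEY_USERS\... from user mode. Both subkeys and value names are checked,
#    because the article's trailing wildcard does not say which one it means.
function Find-CloudFilesRegistryArtifacts {
    $hits = New-Object System.Collections.Generic.List[string]
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $policy = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Policies\Microsoft\CloudFiles"
        if (-not (Test-Path -LiteralPath $policy)) { continue }
        Get-ChildItem -LiteralPath $policy -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'BlockedApps*' } |
            ForEach-Object { $hits.Add("[key] $($_.Name)") }
        $props = Get-ItemProperty -LiteralPath $policy -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties |
                Where-Object { $_.Name -like 'BlockedApps*' } |
                ForEach-Object { $hits.Add("[value] $policy\$($_.Name)") }
        }
    }
    # Second location from the article: HKU\.DEFAULT\Volatile Environment*
    Get-ChildItem -LiteralPath 'Registry::HKEY_USERS\.DEFAULT' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'Volatile Environment*' } |
        ForEach-Object { $hits.Add("[key] $($_.Name)") }
    $hits.ToArray()
}

# 3. Named pipe artifact. Enumerating \\.\pipe\ lists every open named pipe on the host.
function Find-MiniPlasmaPipe {
    [System.IO.Directory]::GetFiles('\\.\pipe\') | Where-Object { $_ -like '*MiniPlasmaWERPipe*' }
}

# 4. Process lineage: a SYSTEM shell whose parent runs as a non-SYSTEM account.
#    Legitimate SYSTEM shells (scheduled tasks, PsExec -s) descend from SYSTEM
#    services, so a standard-user parent is the case worth looking at. Only live
#    processes are visible here; PID reuse can mislabel a parent, so confirm in
#    Sysmon Event ID 1 / EDR telemetry before acting.
function Find-SuspiciousSystemShells {
    $shells = 'cmd.exe', 'powershell.exe', 'pwsh.exe'
    $procs  = Get-CimInstance Win32_Process
    $byPid  = @{}
    foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }
    foreach ($p in ($procs | Where-Object { $shells -contains $_.Name })) {
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        if ($owner.ReturnValue -ne 0 -or $owner.User -ne 'SYSTEM') { continue }
        $parent = $byPid[[uint32]$p.ParentProcessId]
        if ($null -eq $parent) { continue }   # parent already exited; lineage unknowable here
        $po = Invoke-CimMethod -InputObject $parent -MethodName GetOwner
        if ($po.ReturnValue -eq 0 -and $po.User -ne 'SYSTEM') {
            [pscustomobject]@{
                Pid = $p.ProcessId; Shell = $p.Name; Session = $p.SessionId
                ParentPid = $parent.ProcessId; Parent = $parent.Name
                ParentUser = "$($po.Domain)\$($po.User)"
            }
        }
    }
}

# 5. Run all four checks and summarise.
function Invoke-CldfltHunt {
    $state  = Get-CldfltState
    $reg    = @(Find-CloudFilesRegistryArtifacts)
    $pipes  = @(Find-MiniPlasmaPipe)
    $shells = @(Find-SuspiciousSystemShells)
    [pscustomobject]@{
        CldfltLoaded           = $state.Loaded
        RegistryArtifacts      = $reg
        MiniPlasmaPipes        = $pipes
        SuspiciousSystemShells = $shells
        Suspicious             = ($reg.Count + $pipes.Count + $shells.Count) -gt 0
    }
}

Invoke-CldfltHunt | Format-List
```

The point-in-time lineage check in step 4 is the weakest of the four: it only sees shells that are still running. The durable version of the same rule lives in your EDR or Sysmon process-creation telemetry, where the parent's account and integrity level are recorded at spawn time. On a server-class host where you have decided to take the article's fltmc unload cldflt option, run that separately after the hunt, not as part of it.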

The more durable hunt is on anomalous Cloud Files API calls. The set of legitimate processes that invoke CfAbortHydration or send IOCTLs to cloud filter device names is small: the OneDrive client and a handful of sync tools. Everything else is interesting.

EDR coverage is partial and the vendor statements are thin. SecurityWeek reports that SentinelOne updated behavioral rules to flag the published exploit pattern and CrowdStrike’s Falcon sensor will alert on the technique, but neither vendor has released a named detection or rule documentation. How well any of this holds up against a recompiled variant with the named pipe renamed is not knowable from the public material.

CVE-2020-17103 is not in the CISA KEV catalog, and there are no public reports of in-the-wild MiniPlasma exploitation. Barracuda’s writeup on the Chaotic Eclipse campaign claims three of the six zero-days dropped since April have been weaponized, without specifying which three. Whether MiniPlasma is one of them is unconfirmed. Treat the PoC-only status as today’s weather, not next week’s.

What this should change

The lesson here is not that Microsoft is uniquely bad at kernel code. The lesson is operational. A CVE marked “patched” five years ago is a snapshot of a moment, not a guarantee about the present. Your asset inventory and your vulnerability tracker treat fixed bugs as closed cases because that is the only way the bookkeeping scales. The bookkeeping is occasionally wrong, and the only thing that catches it is somebody outside the vendor recompiling the old exploit against the current binary.

Most defenders cannot do that at scale. So the realistic response is narrower. When a kernel component accumulates four separate-class CVEs across four years, stop treating new advisories for that component as routine and start treating the component itself as a standing risk. cldflt.sys belongs on that list now. So does any other driver that has shipped this many bug classes in this short a window.

Budget for a June 10 fix. Do not assume an out-of-band patch. Put the registry and named-pipe detections in tonight. If you run server workloads that have no business doing cloud sync, unload the driver and move on.

PatchDay Alert tracks bugs like this in the daily digest, including the awkward case where the advisory says one thing and the binary says another.

The MSRC advisory page for CVE-2020-17103 still says “Security Update.” That status field has a job to do, and right now it is not doing it.
