Windows Privilege Escalation Flaw CVE-2020-17103 Remains Unpatched, Exploit Released
A security researcher has released MiniPlasma, an exploit targeting CVE-2020-17103, a Windows privilege escalation vulnerability initially disclosed in 2020, after discovering the flaw may have never been fully patched. The issue, rated 7.0 on the CVSS scale, resides in the Windows Cloud Filter driver and allows attackers to manipulate registry keys via an undocumented API.
Google’s Project Zero first reported the vulnerability in 2020, prompting Microsoft to release fixes in its December 2020 Patch Tuesday updates. However, researcher Chaotic Eclipse (also known as Nightmare Eclipse) found that the original proof-of-concept (PoC) code from Project Zero still works, suggesting the patch was either ineffective or later reverted. The exploit enables unauthenticated attackers to create registry keys in the DEFAULT user hive without access checks, potentially leading to system-level code execution.
Chaotic Eclipse, who has previously released exploits for other unpatched Microsoft vulnerabilities (BlueHammer, YellowKey, GreenPlasma), expressed frustration with Microsoft’s handling of vulnerability reports. The MiniPlasma exploit successfully spawns a System shell on fully updated Windows 11 systems, including those with the May 2026 security updates, though it fails on the latest Windows 11 Insider Preview Canary builds.
Microsoft has been contacted for comment but has not yet responded. The discovery follows recent disclosures of other unpatched or incompletely fixed Windows vulnerabilities, including zero-click attack vectors and privilege escalation techniques.
Source: https://www.securityweek.com/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve/
Microsoft Security Response Center cybersecurity rating report: https://www.rankiteo.com/company/microsoft-security-response-center
"id": "MIC1779107360",
"linkid": "microsoft-security-response-center",
"type": "Vulnerability",
"date": "12/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Windows 11 users',
'industry': 'Software',
'location': 'Global',
'name': 'Microsoft',
'type': 'Technology Company'}],
'attack_vector': 'Local',
'date_detected': '2020',
'description': 'A security researcher has released *MiniPlasma*, an exploit '
'targeting CVE-2020-17103, a Windows privilege escalation '
'vulnerability initially disclosed in 2020 after discovering '
'the flaw may have never been fully patched. The issue, rated '
'7.0 on the CVSS scale, resides in the Windows Cloud Filter '
'driver and allows attackers to manipulate registry keys via '
'an undocumented API. The exploit enables unauthenticated '
'attackers to create registry keys in the DEFAULT user hive '
'without access checks, potentially leading to system-level '
'code execution.',
'impact': {'operational_impact': 'Potential system-level code execution',
'systems_affected': 'Windows 11 (fully updated, including May 2026 '
'security updates)'},
'investigation_status': 'Ongoing',
'motivation': 'Frustration with Microsoft’s handling of vulnerability reports',
'post_incident_analysis': {'root_causes': 'Ineffective or reverted patch for '
'CVE-2020-17103'},
'references': [{'source': 'Google’s Project Zero'},
{'source': 'Chaotic Eclipse (Nightmare Eclipse)'}],
'threat_actor': 'Chaotic Eclipse (Nightmare Eclipse)',
'title': 'Windows Privilege Escalation Flaw CVE-2020-17103 Remains Unpatched, '
'Exploit Released',
'type': 'Privilege Escalation',
'vulnerability_exploited': 'CVE-2020-17103'}