Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
CoBi Microsoft News Security Windows All topics
Known Vulnerability

Ancient Flaw Unpatched? Hacker Exposes Microsoft

Laptop With Warning Signal
Microsoft reportedly patched a security flaw in Windows years ago. However, a hacker has now publicly demonstrated otherwise. Photo: Getty Images
Share article

May 19, 2026, 9:31 am | Read time: 2 minutes

A vulnerability known since 2020 as “MiniPlasma” allows attackers to gain system privileges. The exploit still works despite Microsoft’s alleged fix. Independent tests confirm the risk on fully patched systems. A security update from Microsoft is still pending.

Known Vulnerability

According to the online magazine “Born City,” the MiniPlasma vulnerability has been known since 2020. It was first mentioned as part of Google Project Zero, a team specializing in identifying zero-day vulnerabilities. Google security expert James Forshaw identified the flaw under the designation CVE-2020-17103. Officially, Microsoft had fixed the vulnerability, but recent findings contradict this claim.

The security researcher, who operates under various pseudonyms such as “Chaotic Eclipse,” claims that the exploit still works. The vulnerability is located in the cloud filter driver cldflt.sys, which is responsible for integrating cloud files like OneDrive. The flaw allows attackers to gain system privileges from a regular user account, effectively giving them full control over the computer.

More on the topic

Is a Patch Coming?

Independent tests confirm the exploit’s functionality. The online magazine “BleepingComputer” reported that an attack on a fully patched Windows 11 Pro system with security updates from May 2026 was successfully simulated. Security analyst Will Dormann also confirmed the exploit’s effectiveness. However, in a newer insider test version of Windows 11, the issue no longer appeared, suggesting an imminent patch.

Also of interest: Windows 11 gets a new turbo mode

Microsoft emphasizes that reported security issues are continuously investigated and coordinated disclosure is prioritized. Given the functioning exploit, an official security update is urgently awaited. Nightmare Eclipse has previously revealed similar vulnerabilities, putting Microsoft under pressure.

Personal Background of the Security Researcher

According to blog posts by Nightmare Eclipse, his intention is not to harm users or gain financial benefits on the black market. Instead, he aims to highlight misguided security policies at Microsoft. Whether MiniPlasma has been exploited by cybercriminals since the alleged fix remains unknown. There is hope that an upcoming patch will finally close the security gap.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.