Chaotic Eclipse, a security researcher known for disclosing the Windows vulnerabilities YellowKey and GreenPlasma, has released a proof-of-concept exploit for MiniPlasma, a Windows zero-day privilege escalation flaw that grants SYSTEM-level access on fully patched systems.

The vulnerability affects cldflt.sys, the Windows Cloud Files Mini Filter Driver. MiniPlasma allows unprivileged local attackers to escalate privileges to SYSTEM level, the highest privilege tier in Windows. The flaw works on systems running the latest patches, meaning standard security updates provide no protection.

The Windows Cloud Files Mini Filter Driver handles file system operations for cloud storage integration, including OneDrive and other cloud services. Its deep integration into the Windows kernel architecture makes it an attractive target for privilege escalation attacks. By exploiting MiniPlasma, an attacker with local access can gain complete system control, enabling them to install malware, exfiltrate data, disable security controls, or move laterally across networks.

Chaotic Eclipse's public PoC release accelerates the risk timeline for enterprises and individual users. Attackers can now weaponize MiniPlasma without reverse-engineering the vulnerability themselves. The researcher's track record with YellowKey and GreenPlasma demonstrates both technical sophistication and an intent to disclose publicly.

Organizations cannot rely on patching alone to defend against MiniPlasma until Microsoft releases a fix. Local access controls become the primary mitigation. Restricting user account privileges, disabling unnecessary services, and implementing application whitelisting reduce the exploitation surface. Security teams should monitor for suspicious cldflt.sys activity and credential access attempts following local compromise.
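Monitoring cldflt.sys starts with knowing where the driver is loaded and whether anything on the host uses it. The following read-only inventory is an added example, not code from the researcher or from Microsoft; the function name `Get-CldFltExposure` is hypothetical, and the `CldFlt` service name and the `SyncRootManager` registry path are assumptions about a default Windows installation.

```powershell
# Added example: read-only inventory of the Cloud Files mini filter on one host.
# Run from an elevated prompt; fltmc.exe needs administrator rights.
function Get-CldFltExposure {
    $driverPath = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'

    # Assumption: the driver is registered under the service name 'CldFlt'.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='CldFlt'"

    # Is the filter currently registered with the filter manager?
    # $null means "could not tell" (for example, the prompt is not elevated).
    $loaded = $null
    $fltmc = & fltmc.exe filters 2>$null
    if ($LASTEXITCODE -eq 0 -and $fltmc) {
        $loaded = [bool]($fltmc | Select-String -Pattern '^\s*CldFlt\s' -Quiet)
    }

    # Assumption: cloud sync providers (OneDrive and others) register their
    # sync roots under this key; an empty list suggests nothing uses the driver.
    $syncKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager'
    $syncRoots = @()
    if (Test-Path -Path $syncKey) {
        $syncRoots = @(Get-ChildItem -Path $syncKey | ForEach-Object { $_.PSChildName })
    }

    # File version and signature status give a baseline to compare across the
    # fleet and against a future fixed build.
    $file = Get-Item -LiteralPath $driverPath -ErrorAction SilentlyContinue
    $sig  = if ($file) { Get-AuthenticodeSignature -FilePath $driverPath }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DriverState  = $driver.State
        StartMode    = $driver.StartMode
        FilterLoaded = $loaded
        FileVersion  = $file.VersionInfo.FileVersion
        Signature    = $sig.Status
        SyncRoots    = $syncRoots -join '; '
    }
}

Get-CldFltExposure | Format-List
```

Collected across a fleet, the output shows which hosts have the driver loaded with no registered sync roots and gives a version baseline to check once a fix ships.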

Microsoft has not yet issued a patch or even confirmed the vulnerability publicly. The absence of vendor acknowledgment leaves a dangerous gap between public exploit availability and defensive measures. Users and administrators should assume