Windows zero-day MiniPlasma exploit enabling SYSTEM privilege escalation on patched systems

Security researchers have revealed a Windows zero-day vulnerability called MiniPlasma that enables attackers to escalate privileges to SYSTEM on fully patched systems. The flaw resides in the Cloud Files Mini Filter Driver (cldflt.sys) and is believed to persist despite a previous fix attempt in 2020.

Windows zero-day MiniPlasma exploit enabling SYSTEM privilege escalation on patched systemsWindows zero-day MiniPlasma exploit enabling SYSTEM privilege escalation on patched systems

A proof-of-concept exploit shows that the issue can reliably spawn a SYSTEM-level shell on Windows 11, including systems updated as of May 2026. The vulnerability appears to be a race condition and may affect most Windows versions.

The discovery raises concerns that a previously patched flaw may still exist in modern Windows builds, highlighting ongoing risks in core system drivers used for file and cloud integration.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security