“Exactly the same problem that was reported to Microsoft by Google’s Project Zero is actually still present, unfixed”: Chaotic Eclipse Strikes Again with Another Worrying Windows Security Flaw

Chaotic Eclipse Researcher Reveals New Windows 11 Zero Day Affecting Cloud Filter Driver
MiniPlasma, originally identified as CVE‑2020‑17103, was reported years ago but remains exploitable despite previous patch attempts.
This is the sixth vulnerability disclosed by the researcher, highlighting ongoing disputes with Microsoft’s handling of bug reports.

Bad actors could escalate their privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability that should have been fixed years ago, according to new reports.

A researcher going by the pseudonym Chaotic Eclipse recently disclosed a proof-of-concept (PoC) exploit for a zero-day vulnerability he named “MiniPlasma.” In a new GitHub entry, the researcher said that the bug affects the Cloud Filter driver “cldflt.sys” and its routine “HsmOsBlockPlaceholderAccess”.

They said Google’s Project Zero reported the issue to Microsoft in December 2020, which even fixed it at some point in the meantime. However, for unknown reasons, the vulnerability can now be exploited. They assume the fix was either done incorrectly or rolled back.

Chaotic eclipse

“Upon investigation, it turns out that the same issue reported to Microsoft by Google Project Zero is still present and unfixed,” Chaotic Eclipse said. “I don’t know if Microsoft simply never fixed the problem or if the fix was silently rolled back at some point for unknown reasons. Google’s original PoC worked without any modifications.”

The vulnerability, identified as CVE-2020-17103, was tested by researchers at BeepComputeras well as by independent researcher Will Dormann, of Tharros, and both have confirmed that it works. Dormann pointed out that the bug does not work in the latest Windows 11 Insider Preview Canary build.

For weeks now, Chaotic Eclipse has been regularly revealing different vulnerabilities affecting fully patched Windows 11 machines. Apparently they are unhappy with the way Microsoft handles bug reports. So far, they have disclosed five vulnerabilities, called RedSun, UnDefend, BlueHammer, YellowKey and GreenPlasma. In the meantime, RedSun has reportedly been patched quietly.

With MiniPlasma, the total number is now six, and it can be assumed that there will be more.

“Normally I would beg them to fix a bug, but long story short, they told me personally that they were going to ruin my life and they did. I’m not sure if I was the only one who had this horrible experience or if few people did, but I think most would eat it and cut their losses, but for me, they took it all away,” the researcher said.

“They cleaned the floor with me and played every childish game they could. It was so bad at one point that I wondered if I was dealing with a big corporation or someone who was just having fun watching me suffer, but it seems to be a collective decision.”