- Chaotic Eclipse Researcher Reveals New Zero-Day Windows 11 Affecting Cloud Filter Driver
- MiniPlasma, originally tracked as CVE-2020-17103, was reported years ago but remains exploitable despite previous patch attempts.
- It is the sixth vulnerability leaked by the researcher, highlighting ongoing disputes with Microsoft’s handling of bug reports.
Threat actors could escalate privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability that supposedly should have been fixed years ago, new reports claim.
A researcher with the alias Chaotic Eclipse recently revealed a proof-of-concept (PoC) exploit for a zero-day vulnerability that they called “MiniPlasma.” In a new GitHub entry, the researcher said that the bug affects the cloud filter driver ‘cldflt.sys’ and its routine ‘HsmOsBlockPlaceholderAccess’.
They said Google’s Project Zero reported the issue to Microsoft in December 2020, who even patched it at some point in the meantime. However, for unknown reasons, the vulnerability can now be exploited. They speculate that the patch was done wrong or reverted.
chaotic eclipse
“After investigating, it turns out that the exact same issue that was reported to Microsoft by Google’s project zero is still present, unpatched,” Chaotic Eclipse said. “I’m not sure if Microsoft never fixed the issue or if the patch was quietly rolled back at some point for unknown reasons. Google’s original proof of concept worked without any changes.”
The vulnerability, tracked as CVE-2020-17103, was tested by researchers at beepcomputeras well as by independent researcher Will Dormann, of Tharros, and both have confirmed that it works. Dormann emphasized that the bug does not work in the latest Canary build of Windows 11 Insider Preview.
For weeks now, Chaotic Eclipse has been constantly revealing different vulnerabilities affecting fully patched Windows 11 machines. Apparently, they are dissatisfied with the way Microsoft handles bug reports. So far, they have leaked five vulnerabilities, called RedSun, UnDefend, BlueHammer, YellowKey and GreenPlasma. Meanwhile, RedSun was supposedly quietly patched.
With MiniPlasma, the total number is now six and it is safe to assume there will be more.
“Normally, I would go through the process of begging them to fix a mistake, but long story short, they personally told me they would ruin my life and they did, and I’m not sure if I was the only one who had this horrible experience or a few people did, but I think most would just eat it and cut their losses, but they took it all away from me,” the investigator said.
“They mopped the floor with me and used every playground they could. It was so bad that at some point I wondered if I was dealing with a massive corporation or someone who just gets a kick out of watching me suffer, but it seems to be a collective decision.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
