WeSearch

MiniPlasma, a Powerful LPE

·1 min read · 0 reactions · 0 comments · 11 views
#cybersecurity#windows#exploit#lpe#vulnerability#MiniPlasma#CVE-2020-17103#Windows 11#Windows Server 2025#cldflt.sys#GitHub#Nightmare-Eclipse
⚡ TL;DR · AI summary

A new local privilege escalation (LPE) exploit named MiniPlasma has been discovered, targeting a missing patch for CVE-2020-17103 in Windows systems. The proof-of-concept successfully executed a SYSTEM shell on fully patched Windows 11 and Windows Server 2025. The vulnerability appears to be present in the cldflt.sys driver.

Key facts
Original article
Blogspot
Read full at Blogspot →
Opening excerpt (first ~120 words) tap to expand

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512This one is accidental, I didn't even think cldflt.sys had that vulnerability. Turns out CVE-2020-17103 patch is just not present at all ?The new PoC was tested against fully patched Windows 11 and Windows Server 2025 and managed to flawlessly spawn a SYSTEM shell.https://github.com/Nightmare-Eclipse/MiniPlasma-----BEGIN PGP SIGNATURE-----iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCaggLWQAKCRDFFoRCS0/SbHKSAP4/bkKYCDTKZvq5WoUsWKuYgWBvlfun8KYJtNgYREezVAEAj8cg30PjcjcuREzr4eniahPoc6bleEEos0PwVOUa5AA==oct9-----END PGP SIGNATURE-----

Excerpt limited to ~120 words for fair-use compliance. The full article is at Blogspot.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from Blogspot

Man Becomes the Sex Organs of the Machine World (2012)
Blogspot·11
Ahoy, DECmate II the little PDP-8 that could
Blogspot·18
Separate the Cord from the Device
Blogspot·14
The Densest (Urban) Environment in the World
Blogspot·15
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
Blogspot·15
OpenSMTPD Is The Mail Server For The Future
Blogspot·13