New MiniPlasma zero‑day gives hackers SYSTEM access on fully patched Windows

A new Windows zero‑day exploit called MiniPlasma allows attackers to gain full SYSTEM privileges on fully patched Windows 11 systems. Researcher Chaotic Eclipse released the proof‑of‑concept after discovering that Microsoft never properly fixed CVE‑2020‑17103, a flaw originally reported by Google Project Zero in 2020. Tests by BleepingComputer and other analysts confirm the exploit works on the latest Windows 11 builds, though not on the newest Insider Canary version. MiniPlasma is part of a growing wave of zero‑days the researcher has publicly disclosed in protest against Microsoft’s vulnerability‑handling process.

Read the full story on BleepingComputer →