'The exact same issue that was reported to Microsoft by Google project zero
is actually still present, unpatched': Chaotic Eclipse strikes again with another worrying Windows security flaw
Date:
Mon, 18 May 2026 14:15:00 +0000
Description:
A new Windows 11 bug called MiniPlasma was disclosed on GitHub, together with a PoC.
FULL STORY ======================================================================
Researcher Chaotic Eclipse discloses new Windows 11 zero-day affecting the Cloud Filter driver
MiniPlasma, originally tracked as CVE-2020-17103, was reported years ago but remains exploitable despite prior patch attempts
It is the sixth vulnerability leaked by the researcher, highlighting ongoing disputes with Microsoft's handling of bug reports
Threat actors could escalate privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability which allegedly should have been fixed years ago, new reports have claimed.
A researcher with the alias Chaotic Eclipse recently disclosed a Proof-of-Concept (PoC) exploit for a zero-day vulnerability they named MiniPlasma. In a new GitHub entry, the researcher said the bug impacts the 'cldflt.sys' Cloud Filter driver and its 'HsmOsBlockPlaceholderAccess' routine. They said Google's Project Zero reported the issue to Microsoft back in December 2020, and Microsoft patched it at some point in the meantime. However, for reasons unknown, the vulnerability can now be exploited. They speculate that the patch was either poorly done, or rolled back.
"After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched," Chaotic Eclipse said.
"I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes."
The vulnerability, tracked as CVE-2020-17103, was tested by researchers at BleepingComputer, as well as by independent researcher Will Dormann, of Tharros, and both have confirmed that it works. Dormann did stress that the bug doesn't work in the latest Windows 11 Insider Preview Canary build.
For weeks now, Chaotic Eclipse has been steadily disclosing different vulnerabilities affecting fully patched Windows 11 machines. Apparently, they are unsatisfied with how Microsoft handles bug reports. So far, they've leaked five vulnerabilities, called RedSun, UnDefend, BlueHammer, YellowKey and GreenPlasma. RedSun was allegedly patched quietly in the meantime.
With MiniPlasma, the total number is now six, and it's safe to assume there will be more.
"Normally, I would go through the process of begging them to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did and I'm not sure if I was the only one who had this horrid experience or few people did but I think most would just eat it and cut their losses but for me, they took away everything," the researcher said.
"They mopped the floor with me and pulled every childish game they could. It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision."
======================================================================
Link to news story:
https://www.techradar.com/pro/security/the-exact-same-issue-that-was-reported-to-microsoft-by-google-project-zero-is-actually-still-present-unpatched-chaotic-eclipse-strikes-again-with-another-worrying-windows-security-flaw
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)