Dreamie alarm clock helps users reduce phone use in bed with podcast-enabled sleep features
A new Windows zero-day vulnerability, dubbed 'MiniPlasma', has been demonstrated to still grant SYSTEM privileges even on fully patched Windows 11 systems.
The vulnerability was originally reported by Google Project Zero in 2020 under CVE-2020-17103 and was supposedly patched by Microsoft in December 2020.However, a security researcher known as Chaotic Eclipse has released a proof-of-concept (PoC) showing that the flaw remains exploitable.Tests confirmed that running the PoC from a standard user account opens a command prompt with SYSTEM-level access.The exploit leverages the Windows Cloud Filter driver and an undocumented CfAbortHydration API, allowing arbitrary registry key creation in the .DEFAULT user hive without proper access checks.While the flaw has been verified on current public Windows 11 builds, it does not appear in the latest Insider Preview Canary build.
Security experts note that this incident highlights ongoing concerns about patch reliability and the potential risks of zero-day vulnerabilities, even years after they are reported.The PoC has been tested by multiple analysts, confirming its effectiveness, raising questions about long-term security management in Windows systems.