A newly released proof-of-concept (PoC) dubbed MiniPlasma is resurrecting concerns over a four-year-old local privilege escalation bug in Microsoft's Cloud Files Mini Filter Driver. The PoC, published on a popular code-sharing platform earlier this week, claims to bypass the patch that arrived with the May 12, 2026 security update for Windows 11, known as KB5089549. If confirmed, the finding means that attackers who already have a foothold on a Windows 11 machine could gain SYSTEM-level access, the highest privilege on the operating system.
A Ghost from 2020 Returns
CVE-2020-17103 originally surfaced in December 2020 as part of that year's final Patch Tuesday. Microsoft rated the vulnerability as Important with a CVSS score of 7.8, reflecting the ease with which a local, authenticated user could escalate privileges. The flaw resided in cldflt.sys, a kernel-mode driver that handles Cloud Files operations—the backbone for features like OneDrive's Files On-Demand and other cloud storage sync mechanisms.
The driver failed to properly validate input from user-mode callers, allowing a specially crafted file operation to trigger a write-what-where condition in kernel memory. The result: complete system compromise. Microsoft's fix at the time (delivered via an update that has since been superseded) added sanitization checks to prevent the memory corruption.
Fast forward to May 2026, and KB5089549 arrived as a cumulative security update for various Windows 11 versions. Among its dozens of fixes, the bulletin cited a "defense-in-depth" update for the Cloud Files driver. The official guidance provided no further details, but security researchers now suspect this note was a silent patch for a regression that reintroduced CVE-2020-17103—or perhaps a new variant of the same bug.
The MiniPlasma Proof-of-Concept
The PoC, authored by a pseudonymous researcher going by "PlasmaBurn," targets fully patched Windows 11 24H2 installations with the May 2026 update applied. MiniPlasma works by crafting a sequence of NTFS reparse point junctions and Cloud Files operations that confuse the driver's object handling. The exploit leverages a race condition in the patched code path, enabling an attacker to overwrite a kernel pointer with a controlled value.
"The original fix added a bounds check, but it's possible to race the check against the actual use of the buffer," the PoC's README explains. "By the time the kernel acts on the pointer, the caller has changed the memory mapping." In technical terms, MiniPlasma exploits a time-of-check-to-time-of-use (TOCTOU) vulnerability that the KB5089549 changes did not fully address.
The exploit code is straightforward: compile, execute as a standard user, and within seconds the attacker's process runs with SYSTEM integrity. The PoC includes a simple command shell launcher, demonstrating that the elevation is both reliable and repeatable. Early tests by independent security researchers, shared on forums and social media, suggest a success rate above 90% on systems without additional mitigations like Hypervisor-Protected Code Integrity (HVCI).
What KB5089549 Was Supposed to Fix
The May 2026 security release—the first Patch Tuesday for Windows 11 24H2 since its widespread rollout—addressed a total of 63 vulnerabilities, according to Microsoft's Security Response Center. Despite its scale, the update did not explicitly mention a re-fix for CVE-2020-17103. The closest reference was an item under "Kernel Security Feature Bypass" with the identifier CVE-2026-28972, which many initially dismissed as unrelated.
Only now, with the publication of MiniPlasma, is the connection becoming clear. Industry analyst Mary Jo Foley noted in her Patch Tuesday roundup that "Microsoft often bundles silent fixes for regressions into monthly updates, and this appears to be one such case—only this time, the fix didn't take." The patch intended to harden the cldflt.sys driver by introducing additional parameter validation and moving checks to a more secure synchronization context. But according to reverse engineers who have analyzed the updated driver, a small window remains where user-mode and kernel-mode interactions are not properly serialized.
This incomplete fix is a classic example of the challenges in patching kernel-mode code. Even minor oversights can leave a system exposed, and the testing required to confirm a full closure is often more complex than the patch itself.
Implications for Windows 11 Users
Local privilege escalation (LPE) vulnerabilities are a cornerstone of real-world attack chains. While they require an attacker to already be executing code on the target system—perhaps via a phishing-driven malware download or a weaponized document—their impact is severe. Once SYSTEM access is achieved, malware can bypass security software, install rootkits, steal credentials from the LSASS process, and move laterally across a network.
For enterprise environments, a reliable LPE like CVE-2020-17103 becomes a stepping stone to domain compromise. Attackers often combine an initial remote code execution (RCE) bug with an LPE to gain full control. The fact that a patch from 2020 has been resurrected—and that the latest fix appears insufficient—should set off alarm bells for defenders.
The risk is compounded by the widespread adoption of cloud storage tools that rely on the Cloud Files driver. OneDrive, Dropbox, and Google Drive all use cldflt.sys to implement their on-demand sync features. Disabling the driver is not a practical workaround for most users, as it would break these everyday functions.
Moreover, the MiniPlasma PoC is publicly available. Attackers can—and likely will—weaponize the code into exploit kits. Microsoft has not yet released an out-of-band update or acknowledged the bypass publicly, leaving users in a vulnerable position.
Community and Researcher Reactions
On the WindowsForum and other security-oriented message boards, the discovery has sparked a lively debate. "I tested it on three Win11 24H2 VMs, all fully updated, and got SYSTEM on all three," wrote one user. "This is as bad as PrintNightmare in terms of reliability." Other forum members cautioned that the exploit appears to fail on systems with memory integrity enabled, a feature that leverages virtualization-based security (VBS). However, VBS is off by default on many consumer and even business machines due to performance overhead and compatibility concerns.
Renowned vulnerability researcher Will Dormann commented on the platform formerly known as Twitter that the PoC is "a textbook TOCTOU example that shows why kernel code needs extreme care." He added that the original CVE-2020-17103 fix was always considered brittle by some in the research community, and the new bypass proves those suspicions correct.
Some voices have also accused Microsoft of downplaying the severity by not issuing a CVE for the bypass. "After all," a commenter on the Windows Forum wrote, "a patch that doesn't patch is just a digital Band-Aid." The lack of a specific vulnerability entry makes it harder for organizations to track the risk and prioritize mitigation.
Mitigation and Defensive Measures
Until Microsoft delivers a proper fix, the primary mitigation is to enable memory integrity (HVCI) if your hardware supports it. Memory integrity isolates the kernel code integrity process, making it much harder for a TOCTOU attack to succeed. To turn it on, go to Windows Security > Device Security > Core isolation details, and toggle Memory integrity. A reboot is required. Note that this setting may conflict with some drivers and virtualization software.
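As an added example that is not part of the original article, the following PowerShell reports whether memory integrity (HVCI) is configured and actually running, and with -Enable writes the documented registry values that correspond to the Core isolation toggle described above; the Win32_DeviceGuard class, its status codes and the registry path are Microsoft's, the script itself is an illustration.

```powershell
# Added example: report memory integrity (HVCI) state and optionally enable it via the
# documented registry setting. Run in an elevated shell; a reboot is required to apply.
param([switch]$Enable)

# Win32_DeviceGuard exposes VBS/HVCI state. In the SecurityServices* arrays, 2 = HVCI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$hvciCode = 2

$vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
    0       { 'off' }
    1       { 'enabled, not running' }
    2       { 'running' }
    default { 'unknown' }
}

[pscustomobject]@{
    VBS            = $vbsState
    HVCIConfigured = ($dg.SecurityServicesConfigured -contains $hvciCode)
    HVCIRunning    = ($dg.SecurityServicesRunning    -contains $hvciCode)
}

if ($Enable) {
    # Registry equivalent of Windows Security > Device Security > Core isolation > Memory integrity.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'Enabled' -Value 1 -Type DWord
    # Locked = 0 leaves the UEFI lock off, so the setting can be reverted if a driver
    # turns out to be incompatible (the compatibility caveat mentioned above).
    Set-ItemProperty -Path $key -Name 'Locked' -Value 0 -Type DWord
    Write-Host 'Memory integrity enabled in the registry; restart Windows to apply.'
}
```

If HVCIConfigured is true but HVCIRunning stays false after a reboot, an incompatible driver is the usual cause and must be updated or removed before the protection takes effect.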
For enterprises, limiting local administrative rights is crucial. Since the exploit requires code execution, standard users without admin credentials remain a less attractive target. Application control policies, such as Windows Defender Application Control (WDAC), can also block the execution of untrusted binaries. Finally, monitoring Windows event logs for signs of unusual privilege changes—such as an unexpected process launching with SYSTEM integrity—can provide early warning.
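One way to implement the event-log monitoring mentioned above, as an added example and not the article's or any vendor's detection logic: the PowerShell below scans Security log process-creation events (ID 4688) for processes that start at System integrity even though the creator was an ordinary user account or the parent is not one of the expected service hosts. It assumes "Audit Process Creation" is enabled (otherwise no 4688 events exist) and that the parent allow-list is tuned for your environment.

```powershell
# Added example: flag 4688 events where a process runs at System integrity although
# it was spawned from user context or by an unexpected parent (LPE-style elevation).
param([int]$Hours = 24)

$systemLabel = 'S-1-16-16384'                       # MandatoryLabel SID: System integrity
$serviceSids = 'S-1-5-18', 'S-1-5-19', 'S-1-5-20'   # LocalSystem, LocalService, NetworkService
# Parents that normally start SYSTEM processes (assumption; extend for your estate).
$expectedParents = 'services.exe', 'wininit.exe', 'smss.exe', 'csrss.exe',
                   'winlogon.exe', 'svchost.exe', 'msiexec.exe'

$filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop

foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML into a hashtable.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $runsAsSystem  = $d['MandatoryLabel'] -eq $systemLabel
    # Case 1: the creating token belongs to a normal user, yet the child is System integrity.
    $creatorIsUser = $serviceSids -notcontains $d['SubjectUserSid']
    # Case 2: the creator already holds a SYSTEM token (stolen by the exploit), so the
    # tell-tale is the parent binary, e.g. something under a user profile.
    $parentName    = [IO.Path]::GetFileName([string]$d['ParentProcessName']).ToLower()
    $parentUnusual = $expectedParents -notcontains $parentName

    if ($runsAsSystem -and ($creatorIsUser -or $parentUnusual)) {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Creator = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            Parent  = $d['ParentProcessName']
            Process = $d['NewProcessName']
            Command = $d['CommandLine']   # empty unless command-line auditing is enabled
        }
    }
}
```

Expect some benign hits from installers and management agents on first run; add those parents to the allow-list rather than widening the SID check, since a SYSTEM process created from a user logon session is the signal worth keeping.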
Security vendors are also stepping in. SentinelOne updated its behavioral detection rules to flag the known MiniPlasma exploit pattern. CrowdStrike similarly noted that its Falcon sensor will alert on the technique used by the PoC. Nonetheless, a dedicated attacker could modify the code to evade signature-based detection.
What's Next from Microsoft?
Microsoft's Patch Tuesday cycle means that another security update is not due until June 9, 2026, unless the company issues an emergency out-of-band fix. Given the public PoC and the history of CVE-2020-17103, pressure is mounting. A spokesperson for the Microsoft Security Response Center responded to our inquiry with a standard statement: "We are aware of the report and are investigating. We will take appropriate action to help protect our customers."
Historically, Microsoft has released out-of-band patches for critical, weaponized LPEs—as it did for CVE-2021-1675 (PrintNightmare) and CVE-2022-26925 (PetitPotam). The MiniPlasma situation may qualify, especially if in-the-wild exploitation is observed.
For now, Windows 11 users are in a holding pattern. The original CVE-2020-17103 took weeks to fix in 2020; a repeat performance this time could leave a sizable attack window. As one forum post succinctly put it, "KB5089549 is the update that fixes the update that fixed the previous bug. Or rather, it doesn't."
Lessons in Patch Stability
The MiniPlasma saga underscores a broader challenge in operating system security: patching code you didn't write is hard. The Windows kernel is a labyrinth of legacy and modern components, and the Cloud Files driver sits at the intersection of storage, networking, and synchronization—a complex state machine that is tough to secure thoroughly. Regressions are not uncommon, especially when performance optimizations are layered on top of security fixes.
For IT administrators, this incident is a reminder that monthly patching is not a silver bullet. Defense-in-depth strategies remain essential. No single update can protect against an attacker with local access; limiting that local access is the real goal.
As Microsoft works on a corrective patch, enterprising security researchers will certainly dig deeper into the Cloud Files driver. The exposure of MiniPlasma may be just the beginning of a wave of renewed scrutiny on cldflt.sys. In the meantime, users are left to decide: accept the risk of a known elevation-of-privilege bug, or sacrifice a bit of performance for the safety of memory integrity.
Windows 11’s security journey continues, one hotfix at a time.