A public Windows 11 proof-of-concept exploit that hooks into the Cloud Files Mini Filter Driver was released on May 17, 2026 by a researcher operating under the handles Chaotic Eclipse and Nightmare-Eclipse. Dubbed MiniPlasma, the exploit achieves local privilege escalation (LPE) to SYSTEM on fully patched Windows 11 installations, reigniting concerns about the trustworthiness of the monthly Patch Tuesday cadence.

MiniPlasma does not bypass Secure Boot, Virtualization-Based Security (VBS), or Hypervisor-Protected Code Integrity (HVCI). Instead, it targets a logic flaw in how the Cloud Files Mini Filter Driver (cldflt.sys) interacts with placeholder files and reparse points. By crafting a malicious directory junction and a cloud-based placeholder, an unprivileged user can trick the filter driver into performing privileged file operations that lead to token theft and full SYSTEM access.

Inside the Cloud Files Mini Filter Driver

The Cloud Files Mini Filter Driver is a kernel-mode component introduced in Windows 10 version 1709. It enables placeholder files — stubs that appear to have full content but actually store data in a remote location, such as OneDrive or Azure File Sync. When a process opens a placeholder, cldflt.sys triggers a hydration request to fetch the real data. This architecture requires the driver to handle reparse points, symbolic links, and mount point operations with elevated privileges.

MiniPlasma exploits a race condition in the hydration path. The attacker first creates a directory that mimics a sync root registered by the Cloud Files API. Inside that directory, a reparse point is set to redirect to a system-protected location, such as the \RPC Control object directory or a token-stealing device. When the attacker invokes an operation that the filter driver interprets as a legitimate hydration request, cldflt.sys follows the reparse point and performs I/O on the attacker-controlled target with kernel context. The PoC then leverages this ability to duplicate a SYSTEM token and spawn a command prompt at the highest integrity level.

“What makes this particularly dangerous is the silent nature of the exploit,” said Michael Kensington, a security architect who analyzed the public release. “There’s no crash, no blue screen, and the only artifact is a standard file open audit event that blends into normal cloud file activity.”

The researcher behind the exploit stated that MiniPlasma is effective against Windows 11 24H2 with all patches applied, including the May 2026 Patch Tuesday updates. This means that, at least until the next Patch Tuesday roughly four weeks away, every Windows 11 machine running modern builds with default settings is exposed to local privilege escalation.

Patch Trust Crisis Deepens

The timing of the release — three days after Microsoft’s scheduled May Patch Tuesday — has drawn sharp criticism. Security professionals are questioning why a logic bug in a core Windows component remained undetected through multiple patch cycles, particularly given the driver’s exposure to low-privileged interfaces.

“Patch Tuesday is supposed to deliver a cumulative fix baseline that administrators can rely on,” said Dr. Anwar El-Hassan, director of vulnerability research at CyberSafe Labs. “When a single PoC can dismantle that assurance so quickly, it erodes the operational trust that enterprises place in Microsoft’s patching process. CISO boards are already asking whether patch deployment windows need to shrink from days to hours.”

The Cloud Files Mini Filter Driver has a track record of privilege-escalation bugs. In 2022, CVE-2022-22000 was a similar LPE in cldflt.sys that Microsoft fixed in the May 2022 Patch Tuesday release. In 2023, CVE-2023-28252 was another elevation-of-privilege bug in the same driver. The recurrence of exploits targeting this component indicates either that the attack surface is too large to audit effectively or that previous fixes were insufficient.

In response to the MiniPlasma release, Microsoft issued an emergency advisory (ADV260005) on May 18, 2026 acknowledging the issue but stating that an out-of-band security update was not warranted because exploiting the flaw requires local authenticated access and there are no known active attacks in the wild. The advisory recommends enabling Attack Surface Reduction (ASR) rules that block the creation of reparse points from unprivileged processes and using the “Block abuse of exploited vulnerable signed drivers” rule to limit token manipulation.

Technical Breakdown of the Exploit Chain

MiniPlasma follows a three-stage attack flow:

  1. Sync Root Simulation: The exploit creates a folder structure identical to a legitimate Cloud Files sync root, complete with a Desktop.ini containing the correct CLSID for the sync provider. This tricks cldflt.sys into treating the folder as a managed location.

  2. Reparse Point Planting: A directory junction is created that points to \Device\Mailslot\MiniPlasma — a mailslot the attacker controls. The PoC also registers a malicious Oplock that pauses I/O at the critical section.

  3. Placeholder Hydration Trigger: By calling CfOpenFileWithOplock() on a fabricated placeholder file, the attacker forces the filter driver to resolve the reparse point. During resolution, the driver’s privilege context is used to write data to the mailslot, which the attacker then reads to capture a duplicated handle to the SYSTEM process.

The entire exploit runs from a non-admin command prompt and does not require any special software to be installed. It bypasses all user-mode protections, including Windows Defender Application Control (WDAC) and Smart App Control, because it abuses an inherently privileged kernel driver that is designed to operate on behalf of unprivileged callers.

“Microsoft’s design philosophy for minifilter drivers assumes they will handle reparse points correctly,” noted Kensington. “But the reality is that the interaction between the filter manager, the file system, and the object manager namespace is incredibly complex. MiniPlasma found a gap in that interaction that no fuzzer has hit yet.”

Enterprise Impact and Mitigations

For enterprise environments, the primary concern is lateral movement. An attacker who gains a foothold on a single endpoint — through a phishing email or a compromised application — can use MiniPlasma to escalate from standard user to SYSTEM, then extract credentials, disable security tools, and move deeper into the network.

Companies with hybrid cloud configurations are particularly exposed. The Cloud Files Mini Filter Driver is active on any Windows 11 device that has OneDrive, SharePoint, or Azure File Sync installed. Since many organizations deploy OneDrive by default as part of their Microsoft 365 E5 license, this group encompasses nearly all modern Windows endpoints.

Infosec teams have three immediate mitigation options:

  • Enable the ASR rule “Block process creations originating from PSExec and WMI commands” — this prevents common secondary payload deployment after privilege escalation.
  • Deploy a custom application control policy that blocks the hash of the MiniPlasma executable and any known variants.
  • Disable the Cloud Files Mini Filter Driver for non-syncing machines by removing the OneDrive client or stopping the associated Windows services. This is a drastic measure that breaks file sync, but it neutralizes the attack vector.

Microsoft’s advisory also recommends enabling Credential Guard and isolating sensitive processes using virtualization. While these measures do not prevent the initial escalation, they can stop the attacker from harvesting privileged account tokens.

Researcher Anonymity and Disclosure

The release was coordinated through a GitHub repository and announced on the Exploit-DB and X (formerly Twitter) platforms. Chaotic Eclipse and Nightmare-Eclipse claim that they reported the vulnerability to the Microsoft Security Response Center (MSRC) on April 3, 2026. After receiving no meaningful response for 44 days — aside from an automated acknowledgment — they decided to release the exploit under the MiniPlasma codename, citing frustration with Microsoft’s disclosure timelines.

“They sent us a boilerplate email saying the case was being reviewed,” the researcher posted on X. “After six weeks, we got another message saying the report didn’t reproduce on their internal builds, so they closed the case. We published to prove it works on the latest retail build — and it does.”

This mirrors a growing pattern of friction between independent security researchers and major vendors. In 2025, Google’s Project Zero reduced its disclosure deadline to 60 days after repeated missed fixes from Microsoft. The MiniPlasma release could push more researchers toward immediate public disclosure, especially when the bug is demonstrably exploitable.

Response from the Security Community

The Windows security community reacted swiftly. Within hours of the release, researchers had validated the exploit against Windows 11 24H2 Build 26100 and confirmed that it also works on Windows Server 2025 with Desktop Experience enabled. Several users on the Windows Forum thread reported success on fully patched Surface devices and Dell Latitude laptops.

“Tested on my home machine — it’s scary how easy this is,” wrote one forum user under the handle 'kernel_panic_404'. “Full SYSTEM in under three seconds, and Windows Defender didn’t even blink.” Another user noted that the exploit still functioned with HVCI and Secure Boot enabled, suggesting that these hardware-enforced protections do not guard against logic flaws in trusted kernel drivers.

Some experts, however, cautioned against overreacting. “LPEs that require local access are abundant,” said Jonathan Reed, a former NSA exploit developer turned security consultant. “MiniPlasma is elegant, but it doesn’t change the threat model. If an adversary is already on your box, you have bigger problems. That said, it’s a wake-up call about the fragility of the cloud sync infrastructure.”

What Comes Next

Microsoft has not committed to a fix date. The next Patch Tuesday is June 9, 2026, and it is likely that a patch will be included if the vulnerability is validated internally. Historically, Microsoft has taken two to three months to patch LPEs of this complexity when no in-the-wild exploitation is observed.

In the interim, enterprises should treat every endpoint as potentially vulnerable. Asset inventory tools should flag machines with the Cloud Files Mini Filter Driver active, and SOC teams should monitor for anomalous reparse point creation events (Security log Event ID 4656, “a handle to an object was requested”, with access mask 0x100080 for CreateFile operations on reparse points).
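The following triage script is an added example for defenders, not code from the article, the PoC, or Microsoft: it checks whether the Cloud Files minifilter is attached, reports the configured state of the two ASR rules named earlier, and hunts the last 24 hours of 4656 events for the access mask above. It assumes object-access auditing is enabled so 4656 reaches the Security log, that the minifilter registers with Filter Manager under the name CldFlt (the name fltmc lists), and that the two GUIDs are Microsoft’s published identifiers for those ASR rules; run it from an elevated PowerShell session.

```powershell
# Added example, not code from the article or the PoC. Assumptions: 4656 auditing is on,
# the minifilter is listed by fltmc as CldFlt, and the GUIDs below are Microsoft's
# published IDs for the two ASR rules the article names.
$asrRules = @{
    '56a863a9-875e-4185-98a7-b882c64b5ce5' = 'Block abuse of exploited vulnerable signed drivers'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
}

# 1. Is the Cloud Files minifilter attached on this host? (fltmc requires an elevated shell)
$filters = & fltmc.exe filters 2>$null
$cldfltLoaded = [bool]($filters -match '^\s*CldFlt\b')
Write-Output ("CldFlt minifilter loaded: {0}" -f $cldfltLoaded)

# 2. Report how each ASR rule is configured (0 = off, 1 = block, 2 = audit, 6 = warn).
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToLower() })
foreach ($id in $asrRules.Keys) {
    $idx   = [array]::IndexOf($ids, $id)
    $state = if ($idx -ge 0) { $pref.AttackSurfaceReductionRules_Actions[$idx] } else { 'not configured' }
    Write-Output ("ASR '{0}': {1}" -f $asrRules[$id], $state)
}

# 3. Pull 24 hours of 4656 handle requests and keep only file opens with the mask the
#    article flags. A few hits per sync client is normal; look at per-process volume.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656; StartTime = $since } -ErrorAction SilentlyContinue
$hits = foreach ($e in $events) {
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['ObjectType'] -eq 'File' -and $d['AccessMask'] -eq '0x100080') {
        [pscustomobject]@{
            Time    = $e.TimeCreated
            User    = $d['SubjectUserName']
            Process = $d['ProcessName']
            Object  = $d['ObjectName']
        }
    }
}
$hits | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } } |
    Format-Table -AutoSize
```

Processes other than the known sync clients that appear high in the per-process table, or a non-privileged user account generating many such opens in a short window, are the cases worth pulling full event detail for.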

MiniPlasma is yet another reminder that the Windows kernel attack surface remains large despite decades of hardening. As long as the operating system trusts complex drivers to make security-critical decisions in kernel context, these vulnerabilities will persist. For now, the ball is in Microsoft’s court, and millions of users are waiting.