‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
Summary
A previously patched Windows privilege escalation vulnerability (CVE-2020-17103) in the Cloud Filter driver has resurfaced as a working SYSTEM-level exploit dubbed 'MiniPlasma'. Researchers report that the exploit functions on fully patched systems, potentially due to incomplete or rolled-back patches, and that it highlights issues with legacy bug management.
IFF Assessment
This vulnerability allows local privilege escalation, which is a significant concern for defenders as it can be chained with other exploits to gain complete control over a system.
Severity
The original CVSS score of 7.8 (high severity) reflects the potential for local privilege escalation. Its exploitability via a race condition and its ability to achieve SYSTEM privileges contribute to this rating.
CISA KEV: Listed as actively exploited. Federal patch due: May 06, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should be aware of this resurfaced vulnerability and ensure systems are not only patched but also monitored for any signs of exploitation, especially since it impacts a core Windows component related to cloud integration. This highlights the ongoing challenge of managing legacy code and ensuring the integrity of past security fixes.