This is a crowbar left inside the server room, not a key to the front door
CVE-2020-17103 is a Windows Cloud Files Mini Filter Driver (cldflt.sys) elevation-of-privilege flaw in the Cloud Files stack used by Windows and features like OneDrive Files On-Demand. Microsoft published it in December 2020 for Windows 10 1803/1809/1903/1909/2004/20H2 and Windows Server 2016/2019-era builds, with fixes originally shipped via the December 8, 2020 cumulative updates such as KB4592438, KB4592449, KB4592440, and KB4592446.
The vendor's HIGH 7.0 rating was reasonable in 2020, but the 2026 MiniPlasma disclosure changes the operational picture: a public PoC now claims the original flaw regressed or remained reachable on fully patched modern Windows, and that claim was independently tested by outside reporters. That raises confidence in exploitability, but not to CRITICAL, because the attacker still needs local code execution and low privileges first.
4 steps from start to impact.
Land a low-priv foothold
MiniPlasma is not an entry vector by itself; it is a post-compromise privilege escalator used after phishing, browser exploit, stolen creds, or software execution via another route.
- Unauthenticated remote access is not enough
- Attacker needs local execution on the Windows host
- A low-privileged user context is sufficient
- This prerequisite implies the attacker already cleared initial access controls
- EDR, application control, email security, browser hardening, and MFA-backed identity controls should break many real-world chains before this step
Trigger cldflt.sys with MiniPlasma
The MiniPlasma PoC targets the Windows Cloud Filter driver; public reporting specifically points to HsmOsBlockPlaceholderAccess. The exploit path abuses a local logic flaw in a kernel-adjacent file-system mini-filter path to turn a user-context process into a SYSTEM-context process.
- Target is Windows with the Cloud Files Mini Filter driver present
- Attacker can run local code that interacts with the vulnerable path
- Exploit compatibility with the target build
- Exploit reliability may vary across builds and Insider evidence suggests the behavior is not universal across all future builds
- Some hardened EDRs may catch suspicious exploit staging or exploit artifacts even if they do not understand the root cause
Tenable shipped a local check (plugin 316497) in May 2026, but most network scanners cannot meaningfully see this from the outside.
Convert to SYSTEM
- Successful local exploit execution
- Endpoint not blocking the spawned elevated process
- Privilege escalation still lands on a single host; enterprise-wide impact requires follow-on tradecraft
- Post-exploitation actions may hit Credential Guard, LSASS protections, tamper protection, or EDR response
Operationalize host compromise
- Attacker has SYSTEM on at least one endpoint
- Follow-on controls do not block credential theft or persistence
- Lateral movement still depends on separate credentials, reachable services, and segmentation
- Modern Microsoft hardening features can reduce downstream payoff
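The user-to-SYSTEM transition in step 3 is where endpoint telemetry has the most leverage. As an added example (not code from the noisgate page, and unrelated to any MiniPlasma material), the following PowerShell scores process-creation records for that transition and for staging from user-writable paths. Field names follow the Sysmon Event ID 1 schema (Image, User, ParentImage, ParentUser, CommandLine; ParentUser is only populated by recent Sysmon releases, which is assumed here), the path fragments and shell list are tuning assumptions, and the records in $SampleEvents are constructed test data.

```powershell
# Added example, not part of the noisgate page or of any MiniPlasma code: a
# scoring rule for the step-3 "user-to-SYSTEM transition" over process-creation
# records. Field names follow Sysmon Event ID 1; $SampleEvents is constructed data.

# Accounts treated as the SYSTEM context.
$script:SystemAccounts = @('NT AUTHORITY\SYSTEM')

# Path fragments a low-privileged user can normally write to (assumption:
# extend for your own environment).
$script:UserWritableFragments = @('\Users\', '\Temp\', '\AppData\', '\ProgramData\')

# Shells and script hosts that are rarely a legitimate first SYSTEM-context
# child of a user process.
$script:ShellImages = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'rundll32.exe', 'regsvr32.exe', 'wscript.exe', 'cscript.exe')

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($fragment in $script:UserWritableFragments) {
        if ($Path -like "*$fragment*") { return $true }
    }
    return $false
}

function Get-ElevationScore {
    # Scores one process-creation record; higher means more consistent with a
    # local privilege-escalation chain.
    param([Parameter(Mandatory)][pscustomobject]$Event)
    $score = 0
    $reasons = New-Object System.Collections.Generic.List[string]

    $childIsSystem  = $script:SystemAccounts -contains $Event.User
    $parentIsSystem = $script:SystemAccounts -contains $Event.ParentUser

    if ($childIsSystem -and -not $parentIsSystem) {
        $score += 50
        $reasons.Add("user-to-SYSTEM transition: $($Event.ParentUser) -> $($Event.User)")
        $leaf = Split-Path -Leaf $Event.Image
        if ($script:ShellImages -contains $leaf) {
            $score += 20
            $reasons.Add("first SYSTEM child is a shell/script host: $leaf")
        }
    }
    if (Test-UserWritablePath -Path $Event.ParentImage) {
        $score += 30
        $reasons.Add("parent staged from user-writable path: $($Event.ParentImage)")
    }
    if (Test-UserWritablePath -Path $Event.Image) {
        $score += 30
        $reasons.Add("child image in user-writable path: $($Event.Image)")
    }

    [pscustomobject]@{
        UtcTime = $Event.UtcTime
        Image   = $Event.Image
        Parent  = $Event.ParentImage
        Score   = $score
        Reasons = ($reasons -join '; ')
    }
}

function Get-SuspiciousElevation {
    # Returns only records at or above the threshold (50 = any transition at all).
    param([object[]]$Events, [int]$Threshold = 50)
    foreach ($e in $Events) {
        $result = Get-ElevationScore -Event $e
        if ($result.Score -ge $Threshold) { $result }
    }
}

# Constructed sample records (not real telemetry): service start, a user app,
# a user-run installer from Downloads (scores 30, below threshold), and a
# SYSTEM shell whose parent is a user-context binary in Temp (scores 100).
$SampleEvents = @(
    [pscustomobject]@{ UtcTime = '2026-05-23 09:00:01'; Image = 'C:\Windows\System32\svchost.exe';   User = 'NT AUTHORITY\SYSTEM'; ParentImage = 'C:\Windows\System32\services.exe';           ParentUser = 'NT AUTHORITY\SYSTEM'; CommandLine = 'svchost.exe -k netsvcs' }
    [pscustomobject]@{ UtcTime = '2026-05-23 09:00:05'; Image = 'C:\Windows\System32\notepad.exe';   User = 'CORP\alice';          ParentImage = 'C:\Windows\explorer.exe';                    ParentUser = 'CORP\alice';          CommandLine = 'notepad.exe' }
    [pscustomobject]@{ UtcTime = '2026-05-23 09:00:09'; Image = 'C:\Users\alice\Downloads\setup.exe'; User = 'CORP\alice';          ParentImage = 'C:\Windows\explorer.exe';                    ParentUser = 'CORP\alice';          CommandLine = 'setup.exe' }
    [pscustomobject]@{ UtcTime = '2026-05-23 09:00:12'; Image = 'C:\Windows\System32\cmd.exe';       User = 'NT AUTHORITY\SYSTEM'; ParentImage = 'C:\Users\alice\AppData\Local\Temp\stage.exe'; ParentUser = 'CORP\alice';          CommandLine = 'cmd.exe' }
)

Get-SuspiciousElevation -Events $SampleEvents | Format-List
```

Only the fourth record is returned. The 50-point transition rule on its own is noisy on hosts where scheduled tasks and service brokers spawn SYSTEM children for users, so the score is meant to be combined with the staging and shell signals rather than alerted on alone; to run it against live data, build the same objects from `Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath '*[System[EventID=1]]'` and feed them to Get-SuspiciousElevation.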
The supporting signals.
| Signal | Assessment |
|---|---|
| In-the-wild status | No CISA KEV listing and I found no authoritative confirmation of active in-the-wild exploitation. What *is* confirmed is public validation: BleepingComputer reported testing MiniPlasma successfully on a fully patched Windows 11 system in May 2026. |
| PoC availability | Yes. James Forshaw's Project Zero research explained the bug class in January 2021; in May 2026, public reporting and NVD change history referenced the MiniPlasma GitHub PoC. |
| EPSS | 0.01006 (1.006%) from the user-supplied intel. That is a low absolute exploitation probability, which normally argues for de-prioritization, but EPSS lags badly when a fresh local PoC appears for a long-known Windows primitive. |
| KEV status | Not listed in CISA KEV as assessed against the current KEV catalog URL. No KEV add date and no CISA remediation due date. |
| CVSS vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H from Microsoft (7.0 HIGH). NVD later scored it 7.8 with AC:L, which reflects a harsher view of exploitability than Microsoft's original assessment. |
| Affected versions | NVD lists Windows 10 1803, 1809, 1903, 1909, 2004, 20H2, plus Windows Server 2016, 2019, and corresponding Server Core-era branches. Operationally, cldflt.sys is a widely deployed built-in Windows component, so this is not a niche optional package. |
| Original fixed versions | Originally addressed via December 8, 2020 cumulative updates including KB4592446 (17134.1902), KB4592440 (17763.1637), KB4592449 (18362.1256 / 18363.1256), and KB4592438 (19041.685 / 19042.685). Current final fixed build is unclear because 2026 reporting alleges regression or incomplete remediation. |
| Scanning and exposure data | This is a local driver bug, so Shodan/Censys/FOFA exposure data is largely irrelevant. The practical exposure metric is your Windows endpoint count. Tenable shipped plugin 316497 on 2026-05-22 as a local direct check, which is more meaningful than internet-wide scan counts. |
| Disclosure and reporter | Public CVE publication was 2020-12-10. Project Zero's James Forshaw documented the mini-filter research in 2021-01-14 and explicitly noted Microsoft had fixed four related issues in December 2020, including CVE-2020-17103. |
noisgate verdict.
The decisive amplifier is the 2026 public weaponized PoC against reportedly patched systems, which makes this far more actionable for real attackers than the original 2020 record implied. It stays in HIGH, not CRITICAL, because the exploit still requires local low-privileged execution first, so it is a force multiplier for compromises rather than a front-door bug.
Why this verdict
- Baseline stays high: Microsoft rated it 7.0 HIGH, and that baseline is fair because successful exploitation yields SYSTEM on a ubiquitous enterprise platform.
- Upward adjustment for weaponization: A public MiniPlasma PoC appeared in May 2026, Tenable shipped detection around it, and outside testing reportedly reproduced SYSTEM compromise on patched Windows. That removes a lot of the old 'maybe not practical' discount.
- Downward pressure for attacker position: The chain requires local execution plus low privileges, which means this is post-initial-access. That sharply narrows the reachable population versus a remote pre-auth flaw and is why this does not become CRITICAL.
Why not higher?
Because this bug does not give attackers a foothold. It needs a user-context process already running on the box, so the exploit rides *after* phishing, browser compromise, stolen credentials, or some other initial access event. Also, there is still no authoritative KEV entry or firm evidence of broad in-the-wild abuse.
Why not lower?
Because on Windows fleets, a cheap local privesc is not housekeeping noise. Once a public PoC exists and reportedly works on fully patched systems, every successful low-priv compromise becomes much more likely to end in durable SYSTEM ownership. For enterprise defenders, that is squarely a HIGH operational problem.
What to do — in priority order.
- Harden initial execution paths — Treat this as a post-compromise amplifier and reduce the chances of step one ever happening: tighten email/web controls, block untrusted script and binary execution, and enforce application control. For a HIGH verdict, deploy or validate these controls within 30 days.
- Prioritize EDR detections for local privesc chains — Tune for suspicious user-to-SYSTEM process transitions, exploit staging from temp/user-writable paths, and defense-tampering behavior immediately after elevation. This will not prevent the kernel bug itself, but it can contain the host takeover path; deploy tuning within 30 days.
- Reduce local admin and developer sprawl — The more users and build agents that can run arbitrary code locally, the more usable this class of bug becomes. Remove unnecessary local execution rights and clean up broad software install permissions within 30 days.
- Segment and protect post-elevation targets — Use Credential Guard, LSASS protections, tamper protection, and lateral-movement controls so a single SYSTEM win does not become domain-wide impact. These are compensating controls for the blast radius and should be validated within 30 days.
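The last item asks for the post-elevation controls to be validated, not just assumed. The following PowerShell is an added example (not code from the noisgate page) that reads back the state of three of them on the local host: LSA protection via the RunAsPPL value, Credential Guard via the Win32_DeviceGuard class, and Defender tamper protection via Get-MpComputerStatus. It assumes an elevated session on Windows 10/11 or Server 2016+ and that the Defender PowerShell module is installed; on hosts with a third-party EDR the tamper-protection row will report the module as unavailable.

```powershell
# Added example, not part of the noisgate page: reads back the state of the
# compensating controls named above (LSA protection, Credential Guard, Defender
# tamper protection). Assumes an elevated session; the Defender check assumes
# the Defender module is present, the Credential Guard check assumes
# Win32_DeviceGuard is readable.

function Get-LsaProtectionState {
    try {
        $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
        # RunAsPPL: 1 = enabled, 2 = enabled with UEFI lock; absent or 0 = off.
        $runAsPpl = [int]$lsa.RunAsPPL
        [pscustomobject]@{ Control = 'LSA protection (RunAsPPL)'; Enabled = ($runAsPpl -ge 1); Evidence = "RunAsPPL=$runAsPpl" }
    } catch {
        [pscustomobject]@{ Control = 'LSA protection (RunAsPPL)'; Enabled = $false; Evidence = "query failed: $($_.Exception.Message)" }
    }
}

function Get-CredentialGuardState {
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction Stop
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity).
        $running = @($dg.SecurityServicesRunning)
        [pscustomobject]@{ Control = 'Credential Guard'; Enabled = ($running -contains 1); Evidence = "SecurityServicesRunning=[$($running -join ',')]" }
    } catch {
        [pscustomobject]@{ Control = 'Credential Guard'; Enabled = $false; Evidence = "query failed: $($_.Exception.Message)" }
    }
}

function Get-TamperProtectionState {
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{ Control = 'Defender tamper protection'; Enabled = [bool]$mp.IsTamperProtected; Evidence = "IsTamperProtected=$($mp.IsTamperProtected)" }
    } catch {
        # Third-party EDR hosts usually land here; verify that product's own tamper setting instead.
        [pscustomobject]@{ Control = 'Defender tamper protection'; Enabled = $false; Evidence = "Defender module unavailable: $($_.Exception.Message)" }
    }
}

function Get-PostElevationControlStatus {
    @(
        (Get-LsaProtectionState)
        (Get-CredentialGuardState)
        (Get-TamperProtectionState)
    )
}

$status = Get-PostElevationControlStatus
$status | Format-Table -AutoSize

# Non-zero exit so an endpoint-management job can count hosts with gaps.
$gaps = @($status | Where-Object { -not $_.Enabled })
if ($gaps.Count -gt 0) {
    Write-Output "GAPS - $($gaps.Control -join '; ')"
    exit 1
}
Write-Output 'OK - LSA protection, Credential Guard and tamper protection are all enabled.'
exit 0
```

The exit code is the useful part for fleet work: run it through the same endpoint-management agent as the verification payload below and the count of hosts returning 1 is the population where a single SYSTEM win still has an easy path to credentials.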
WAF and perimeter IPS do not help because this is not a network-reachable bug. External attack-surface management will not find this; the vulnerable component is a local Windows driver, not an exposed service. Just being fully patched is not enough confidence right now, because the entire 2026 risk story is that a patched-host regression or incomplete fix is being publicly alleged.
Crowdsourced verification payload.
Run this on the target Windows host as a local administrator or via your endpoint management agent. Example: powershell.exe -ExecutionPolicy Bypass -File .\Check-CVE-2020-17103.ps1. It performs a build-based sanity check only: hosts missing the original December 2020 baseline are marked VULNERABLE; hosts at or above that baseline are marked UNKNOWN because current reporting says the issue may be exploitable again on patched systems and Microsoft has not published a clearly attributable superseding fixed build in the sources reviewed.
```powershell
# Check-CVE-2020-17103.ps1
# Build-based verifier for the original 2020 remediation baseline.
# Because 2026 reporting alleges regression/re-exploitability on patched systems,
# this script can only confidently say VULNERABLE when the original baseline is absent.
# Otherwise it returns UNKNOWN until Microsoft publishes a definitive superseding fix.
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN, 3=ERROR
[CmdletBinding()]
param()
$ErrorActionPreference = 'Stop'

function Get-OSInfo {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        ProductName    = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion
        ReleaseId      = $cv.ReleaseId
        CurrentBuild   = [int]$cv.CurrentBuild
        UBR            = [int]$cv.UBR
        BuildString    = "$($cv.CurrentBuild).$($cv.UBR)"
    }
}

function Get-CldfltInfo {
    $path = Join-Path $env:windir 'System32\drivers\cldflt.sys'
    if (-not (Test-Path $path)) {
        return $null
    }
    $item = Get-Item $path
    [pscustomobject]@{
        Path          = $path
        Version       = $item.VersionInfo.FileVersion
        LastWriteTime = $item.LastWriteTimeUtc
    }
}

function Test-Original2020Baseline {
    param(
        [int]$Build,
        [int]$UBR
    )
    # Original December 8, 2020 fixed baselines reviewed in Microsoft/Rapid7 sources:
    # 17134.1902 (1803 / KB4592446)
    # 17763.1637 (1809 / Server 2019 / KB4592440)
    # 18362.1256 (1903 / KB4592449)
    # 18363.1256 (1909 / KB4592449)
    # 19041.685 (2004 / KB4592438)
    # 19042.685 (20H2 / KB4592438)
    switch ($Build) {
        17134   { return ($UBR -ge 1902) }
        17763   { return ($UBR -ge 1637) }
        18362   { return ($UBR -ge 1256) }
        18363   { return ($UBR -ge 1256) }
        19041   { return ($UBR -ge 685) }
        19042   { return ($UBR -ge 685) }
        default { return $null }
    }
}

try {
    $os  = Get-OSInfo
    $drv = Get-CldfltInfo
    Write-Output "Host: $env:COMPUTERNAME"
    Write-Output "OS: $($os.ProductName)"
    Write-Output "Build: $($os.BuildString)"
    if ($null -eq $drv) {
        Write-Output 'UNKNOWN - cldflt.sys not found; unable to assess this host with this script.'
        exit 2
    }
    Write-Output "cldflt.sys: $($drv.Version) [$($drv.Path)]"
    $baseline = Test-Original2020Baseline -Build $os.CurrentBuild -UBR $os.UBR
    if ($baseline -eq $false) {
        Write-Output 'VULNERABLE - host is below the original December 2020 remediation baseline for CVE-2020-17103.'
        exit 1
    }
    if ($baseline -eq $true) {
        Write-Output 'UNKNOWN - host meets the original 2020 patch baseline, but public 2026 reporting alleges regression/re-exploitability on patched systems. A definitive current fixed build was not identified in reviewed sources.'
        exit 2
    }
    Write-Output 'UNKNOWN - this Windows build is outside the original 2020 branch mapping in this script. Manual validation required.'
    exit 2
}
catch {
    Write-Output ('ERROR - ' + $_.Exception.Message)
    exit 3
}
```
If you remember one thing.
Where cldflt.sys is present and where your EDR coverage for user-to-SYSTEM transitions is weak, deploy compensating controls under the noisgate mitigation SLA within 30 days. For patching, validate that all hosts at least received the original December 2020 baselines, but do not assume that alone proves safety; track Microsoft for a definitive re-fix if the 2026 regression claim is confirmed, and complete vendor remediation under the noisgate remediation SLA within 180 days.
Sources
What defenders are saying.
Crowdsourced verification outputs.
Results submitted by users who ran the verification payload against their environment.