
MiniPlasma: Windows privilege escalation zero-day affects fully patched systems

ID: 1d83a6e0-d811-58e0-bd26-025f373eda74

STIX ID: report--1d83a6e0-d811-58e0-bd26-025f373eda74

Feed Name: ThreatLocker Blog

Threat Score: 78/100

Date Published: 2026-05-19

Date Updated: 2026-05-19


MiniPlasma is a publicly released, weaponized local privilege escalation exploit targeting CVE-2020-17103 in the Windows Cloud Filter driver (cldflt.sys). ThreatLocker researchers confirmed that it can elevate a standard user to SYSTEM on fully patched Windows 11 and some Windows Server builds; no official patch is available. Recommended mitigations include default-deny application allowlisting to block payload execution and monitoring specific registry paths for indicators of exploitation.
