India, May 18 -- An updated Windows machine should seem safer than one that doesn't have all of its patches installed. This is not so with MiniPlasma; this is a good reminder that not all patches eliminate all threats. An open proof of concept exists for a Windows zero day that shows how an attacker can obtain SYSTEM-level access to fully patched targets through the exploitation of a stack overflow within the cldflt.sys (Cloud Files Minifilter Driver) located at HsmOsBlockPlaceholderAccess.

The original discoverer is Chaotic Eclipse, who is also associated with the recent YellowKey and GreenPlasma vulnerabilities. The importance of MiniPlasma lies in the fact that SYSTEM access is nearly equivalent to possession of the encryption keys to...