New Windows Flaw Grants System Access

A new Windows zero-day exploit grants full system privileges on patched Windows 11 machines, with a proof-of-concept exploit now publicly available.

A security researcher has released a proof-of-concept (PoC) exploit for a new zero-day vulnerability in Microsoft Windows, dubbed MiniPlasma. The exploit grants SYSTEM-level privileges, the highest access level, on fully patched Windows 11 systems. The public release of the PoC means the technical details are now widely available, increasing the risk of malicious use. The exploit's effectiveness was independently confirmed, underscoring the severity of the flaw. This type of vulnerability allows an attacker who has already gained initial access to a machine to escalate their privileges and take complete control of the system.

This vulnerability is particularly concerning as it appears to be an unpatched variant of a flaw (CVE-2020-17103) that Microsoft reportedly fixed in December 2020. The original issue was discovered by Google Project Zero, and this new exploit suggests the patch was incomplete. For IT and security teams, this situation highlights the persistent risk even on fully updated systems. Since this is a zero-day with a public exploit, the pressure is on Microsoft to issue a patch. Until a fix is released, system administrators should monitor for advisories and be prepared to deploy an update immediately.

A zero-day exploit with a public PoC for fully patched Windows 11 systems allows attackers to gain full system control, bypassing a previous fix from Microsoft.

Increased risk of system compromise across corporate environments using Windows 11. Successful exploitation could lead to data theft, ransomware deployment, or complete network takeover. Requires immediate attention from IT and security teams once a patch is released.