MiniPlasma: Chaotic Eclipse Reopens cldflt.sys 

CTI Analysis · Unpatched Windows Vulnerability

MiniPlasma: Chaotic Eclipse Reopens cldflt.sys and Revives the Question of Microsoft Patch Durability

A fifth uncoordinated public disclosure in six weeks, a PoC targeting the Windows Cloud Files Mini Filter Driver, and an extraordinary claim: the CVE-2020-17103 patch would not be present on fully patched Windows 11 and Windows Server 2025. A cautious reading of a signal that requires verification but fits within a coherent sequence.

Published May 16, 2026
Reading time 12 minutes
Category Cyber Threat Intelligence

On May 15, 2026, three days after the public disclosure of YellowKey and GreenPlasma, the researcher operating under the handles Chaotic Eclipse and Nightmare-Eclipse published a new PoC dubbed MiniPlasma. The target: cldflt.sys, the Windows Cloud Files Mini Filter driver. The claim: a SYSTEM shell obtained on fully patched Windows 11 and Windows Server 2025, via a vulnerability for which the CVE-2020-17103 patch, released in December 2020, would, according to the researcher, simply be absent. No CVE has been assigned to date. No fix is available. The exploit code is publicly circulating on GitHub.

01

A fifth piece in the Chaotic Eclipse dossier

On Friday, May 15, 2026, a PGP-signed message was published on the deadeclipse666 blog and shared on social networks by the researcher operating under the handles Chaotic Eclipse (publications) and Nightmare-Eclipse (code) (1). The message announces the release of a new PoC, dubbed MiniPlasma, on the repository github.com/Nightmare-Eclipse/MiniPlasma (2). The PGP signature matches the key used for previous publications, in particular those covering YellowKey and GreenPlasma on May 12, 2026.

The tone of the message is unusually terse for this researcher. The opening sentence, "This one is accidental, I didn’t even think cldflt.sys had that vulnerability", suggests a fortuitous discovery rather than the result of targeted research. The following sentence, "Turns out CVE-2020-17103 patch is just not present at all ?", framed with a question mark, presents the central claim in a form of surprise rather than assertion. The reported test specifies that the PoC was successfully executed against fully patched Windows 11 and Windows Server 2025, resulting in a SYSTEM shell.

No additional technical element appears in the message. No CVE has been assigned. No fix is being prepared by the Microsoft Security Response Center at the time of writing. Unlike the YellowKey disclosure, where the mechanism (Transactional NTFS bits within the Windows Recovery Environment) had been described precisely enough to enable independent reproduction within 24 hours by multiple researchers, MiniPlasma is delivered as an executable binary, without a detailed explanation of the exploitation path.

Methodological caveat

At the time of writing, the MiniPlasma PoC has not yet been independently reproduced by the researchers who had confirmed YellowKey within 24 hours (Will Dormann, Kevin Beaumont, KevTheHermit, JaGoTu). The following analysis is based on the technical context of the cldflt.sys driver, the history of prior vulnerabilities, and the consistency with the Chaotic Eclipse disclosure sequence. Elements presented in conditional form remain so pending binary confirmation and reverse engineering of the PoC.

02

cldflt.sys: a structurally fragile driver

To assess the scope of MiniPlasma, one must first understand what cldflt.sys is. The Windows Cloud Files Mini Filter Driver is a Windows kernel driver that implements the cloud-on-demand file mechanism, primarily used by OneDrive and SharePoint but also by other cloud storage providers integrated into the operating system. Its main function is the management of placeholders: file system entries that behave like local files but whose contents are only hydrated on demand from a remote source (3)(4).

The driver is loaded by default on all modern Windows installations, regardless of whether OneDrive or any cloud client is present. Its attack surface is therefore maximal across the Windows install base.

The history of vulnerabilities affecting the driver is instructive. Four major CVEs have been fixed on the component within 18 months, with an accelerating cadence.

Date | Vulnerability | Notable feature
December 2020 | CVE-2020-17103, 17134, 17136, 17139 | Series of 4 CVEs published by James Forshaw (Project Zero)
March 2024 | Race condition found by Exodus Intelligence | TOCTOU bypass of the CVE-2020-17136 patch
October 2025 | CVE-2025-55680 | Effective fix of the bypass found in 2024
December 2025 | CVE-2025-62221 | Use-after-free, 0-day exploited in-the-wild
May 15, 2026 | MiniPlasma (presumed linked to CVE-2020-17103) | No CVE assigned, public PoC

The trajectory is consistent. cldflt.sys is an architecturally complex subsystem: it intercepts file system operations, manipulates reparse points, manages transitions between user and kernel contexts, and exposes exotic IOCTLs (typically 0x903BC on HsmpOpCreatePlaceholders). Researchers who focus on it regularly find logical flaws. CVE-2025-55680 demonstrated that an old patch (CVE-2020-17136) could be bypassed via a race condition five years later. CVE-2025-62221 was exploited in-the-wild even before publication. MiniPlasma, if confirmed, would be the fourth episode in this ongoing series.

CVE-2020-17103 in its original context

CVE-2020-17103 was fixed by Microsoft in December 2020 as part of that month’s Patch Tuesday. It was one of a set of four vulnerabilities discovered simultaneously by James Forshaw (Project Zero) in the Cloud Filter and Windows Overlay Filter drivers. The vulnerability was a local privilege escalation within the placeholders subsystem. Microsoft did not publish the exact technical detail of the original patch, in keeping with the vendor’s usual practice. Chaotic Eclipse’s reference to this CVE therefore implies either that the researcher compared an earlier cldflt.sys binary against the current version, or that a still-exploitable variant of the original class has been identified.

03

Silent regression or uncovered variant?

The central claim by Chaotic Eclipse, that the CVE-2020-17103 patch is simply not present at all, is extraordinary. Without independent binary confirmation, two technical readings are possible, ranked here by parsimony.

Hypothesis 1: uncovered variant of the original class

This is the more probable hypothesis a priori. The researcher would have identified a code path adjacent to the one patched in December 2020. The original patch would remain present and functional within its original scope, but would not cover the variant exploited by MiniPlasma. This is exactly the pattern observed in March 2024 by Exodus Intelligence on CVE-2020-17136: the validation of \ and : characters in placeholder paths, introduced by the 2020 patch, was bypassable via a TOCTOU race. The patch was not absent; it was insufficient.

This reading is reinforced by the tone of the Chaotic Eclipse message. The phrase "I didn’t even think cldflt.sys had that vulnerability" suggests that the researcher found the bug by happenstance, rather than via directed analysis of the CVE-2020-17103 patch. The interrogative formulation "just not present at all ?" can be read as a rhetorical exclamation expressing surprise rather than a literal assertion.

Hypothesis 2: silent regression of the patch

Rarer in practice but documented in the recent history of Windows, the hypothesis of an actual regression of the patch cannot be ruled out. Microsoft has refactored cldflt.sys several times since 2020: integration of new Cloud Filter APIs, addition of support for Files On-Demand v2, alignment with cldsync.sys on certain branches. Each refactor is a risk point for the long-term durability of older patches.

If hypothesis 2 is verified, exposure would have been running for potentially several Windows versions. The consequences would be significant. First, the Chaotic Eclipse narrative regarding the failures of silent patching would find in this case a particularly strong post hoc validation. Second, the question of the durability of old fixes in an operating system as large and frequently refactored as Windows would become a doctrinal issue for CERTs and CISOs, beyond the cldflt.sys case alone.

Deciding between the two hypotheses requires a binary diff between a vulnerable version of cldflt.sys predating the 2020 patch, a version on Windows 10 or 11 where the patch was applied, and the current version on Windows 11 and Windows Server 2025 tested by Chaotic Eclipse. This work is achievable by researchers equipped with standard Windows reverse engineering tools (IDA Pro, Ghidra, BinDiff). The first results are likely to be published within 48 to 72 hours after the PoC is disseminated, in the lineage of YellowKey reproductions.

A third, more subtle reading

A third, intermediate hypothesis deserves mention. Microsoft may have fixed CVE-2020-17103 on one code branch (for example Windows 10) without propagating the fix to newer branches after refactoring. This hybrid situation, neither total absence of the patch nor consistent presence across all versions, is plausible for a subsystem that has diverged between branches. It would explain why the researcher can claim that the patch is not present on Windows 11 and Windows Server 2025 specifically, without this excluding its presence elsewhere.

04

The Chaotic Eclipse pace intensifies

MiniPlasma fits within a sequence of disclosures whose pace has been accelerating since April 2026. The researcher Chaotic Eclipse had announced a new publication for the Patch Tuesday of June 2026. MiniPlasma arrives three days after YellowKey and GreenPlasma, without matching that announcement, which means either that the announced June agenda still holds with another exploit in reserve, or that the researcher is adjusting their calendar.

Date | Vulnerability | Disclosure mode
April 2, 2026 | BlueHammer (CVE-2026-33825) | Coordinated, prior in-the-wild exploitation
April 15, 2026 | RedSun | Silent patching denounced by the researcher
April 2026 | UnDefend | Uncoordinated
May 12, 2026 | YellowKey, GreenPlasma | Uncoordinated, public PoCs
May 15, 2026 | MiniPlasma | Uncoordinated, public PoC

The researcher’s stated motive, exposed in several PGP-signed publications on the deadeclipse666 blog, remains constant. They denounce the practice of silent patching attributed to Microsoft: the quiet correction of vulnerabilities without CVE assignment, without published advisory, without compensation for the reporting researcher. The response strategy chosen by Chaotic Eclipse is uncoordinated public disclosure, calibrated against the Patch Tuesday rhythm, to maximize both the visibility of the criticism and the operational cost imposed on the vendor.

Whatever moral evaluation one applies to this strategy, its operational effectiveness is now documented. Each disclosure forces Microsoft into internal mobilization, the research community into reproduction work, and CERT and CSIRT teams into exposure analysis. The aggregate cost to the ecosystem is significant, and the trajectory of previous disclosures (YellowKey reproduced in 24 hours, GreenPlasma confirmed functional on Windows Server 2026) suggests that MiniPlasma will be handled in the same way by independent reverse engineering teams within the coming hours.

05

Presumed impact perimeter

Subject to independent confirmation of the PoC, MiniPlasma’s exposure perimeter would, by virtue of the targeted subsystem, be particularly broad.

The cldflt.sys driver is loaded by default on all Windows installations since Windows 10 version 1809. Its presence does not depend on whether OneDrive is actually installed on the host: the driver is embedded in the operating system and activated through the file system filter driver stack. The tests reported by Chaotic Eclipse cover Windows 11 (likely all versions, pending confirmation) and Windows Server 2025. Extrapolation to other modern versions of the operating system is immediate in the absence of contrary indication.

The operational environments showing particularly marked exposure are the same as for previous Windows LPEs: hosting providers and virtual desktop providers (VDI) accommodating multiple users on the same machine or the same image, user workstations on which a prior application compromise provides local access, multi-user RDS servers, Windows CI runners executing third-party code. Any attack path leading to local code execution by an unprivileged user, including via an application vulnerability such as CVE-2026-40361 in wwlib.dll covered on this blog elsewhere, can be chained with MiniPlasma to obtain a SYSTEM shell.

The aggravating factor lies in the recent history of the driver. CVE-2025-62221, fixed in December 2025, was exploited in-the-wild prior to the fix being published. This in-the-wild exploitation was documented by Microsoft Threat Intelligence Center without the publication of detailed indicators of compromise, which made detection difficult for defenders (5)(6). If MiniPlasma confirms a second uncorrected exposure on the same driver within five months, the question of the reliability of the Cloud Files subsystem in at-risk environments becomes structural.

06

Mitigations and detection

In the absence of a vendor fix and given the uncertainty about the exact nature of the flaw, mitigations are essentially compensatory.

Conditional disabling of the Cloud Files driver

For hosts that do not require Files On-Demand functionality (servers with no cloud use, administrator workstations, standardized VDI environments), disabling the CldFlt service may be considered. The command is as follows:

sc.exe config cldflt start= disabled

The functional impact must be carefully validated before deployment. Disabling breaks OneDrive synchronization in Files On-Demand mode, the equivalent SharePoint functions, and certain third-party workflows that rely on the Windows Cloud Filter API. For fleets heavily using OneDrive, this mitigation is not applicable. For server environments without cloud usage, it immediately reduces the attack surface to zero for this class of vulnerability.

EDR detection on cldflt.sys IOCTLs

Independent of the exact mechanism exploited by MiniPlasma, all known exploitations of the driver since 2020 transit through a limited number of IOCTL codes. EDR monitoring on these codes constitutes a defense-in-depth measure. The behavioral indicators to prioritize include: DeviceIoControl calls with code 0x903BC to the device \\.\HsmFlt\Hsm originating from unprivileged user processes; CreateFile sequences on reparse points with tag IO_REPARSE_TAG_CLOUD by unusual processes; creation of DLLs in C:\Windows\System32\ or C:\Windows\SysWOW64\ by non-SYSTEM processes, particularly the DLL rasmxs.dll identified in CVE-2025-55680 exploitations and fveapi.dll in documented variants.
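The three behavioral indicators above, turned into a detection rule and run over constructed EDR-style telemetry. This is an added example, not code from the original post or from the researcher's PoC; the event field names, the sync-client allowlist and the sample events are assumptions to be mapped onto your EDR's actual schema.

```python
"""Detection rule for the cldflt.sys indicators in section 6 (added example, not from the
post): event schema, sync-client allowlist and sample telemetry below are constructed."""
from dataclasses import dataclass

HSM_DEVICE = r"\\.\HsmFlt\Hsm"
HSM_OP_CREATE_PLACEHOLDERS = 0x903BC         # IOCTL code cited in the article
IO_REPARSE_TAG_CLOUD = 0x9000001A            # base cloud reparse tag (winnt.h)
CLOUD_TAG_VARIANT_MASK = 0x0000F000          # nibble that distinguishes cloud tag variants
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WATCHED_DLLS = {"rasmxs.dll", "fveapi.dll"}  # names the article ties to prior exploitation
PRIVILEGED = {"system", "high"}              # integrity levels that are already elevated
# Assumed allowlist: sync clients issue these IOCTLs at user integrity, so an image allowlist
# is what keeps the first rule from firing on legitimate placeholder management.
EXPECTED_CLOUD_WRITERS = {"onedrive.exe", "filecoauth.exe", "explorer.exe"}

@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    process: str
    detail: str

def is_cloud_tag(tag: int) -> bool:
    """True for IO_REPARSE_TAG_CLOUD and its numbered variants."""
    return (tag & ~CLOUD_TAG_VARIANT_MASK) == IO_REPARSE_TAG_CLOUD

def evaluate(ev: dict) -> list[Finding]:
    """Apply the three section-6 indicators to one event; returns zero or more findings."""
    out: list[Finding] = []
    proc = ev.get("image", "").lower()
    integrity = ev.get("integrity", "").lower()
    if ev["type"] == "device_ioctl":
        # Indicator 1: HsmpOpCreatePlaceholders IOCTL from an unprivileged, unexpected process.
        if (ev.get("device") == HSM_DEVICE and ev.get("ioctl") == HSM_OP_CREATE_PLACEHOLDERS
                and integrity not in PRIVILEGED and proc not in EXPECTED_CLOUD_WRITERS):
            out.append(Finding("hsm_ioctl_from_unprivileged", "high", proc,
                               f"IOCTL {ev['ioctl']:#x} at {integrity} integrity"))
    elif ev["type"] == "file_create":
        path = ev.get("path", "").lower()
        tag = ev.get("reparse_tag")
        # Indicator 2: cloud reparse point created by a process that is not a sync client.
        if tag is not None and is_cloud_tag(tag) and proc not in EXPECTED_CLOUD_WRITERS:
            out.append(Finding("cloud_reparse_by_unusual_process", "medium", proc,
                               f"reparse tag {tag:#x} on {path}"))
        # Indicator 3: DLL written under System32/SysWOW64 by a non-SYSTEM account.
        if (path.endswith(".dll") and path.startswith(SYSTEM_DIRS)
                and ev.get("user", "").lower() != "system"):
            name = path.rsplit("\\", 1)[-1]
            out.append(Finding("dll_drop_in_system_dir",
                               "critical" if name in WATCHED_DLLS else "high",
                               proc, f"{path} written by {ev.get('user')}"))
    return out

def hunt(events: list[dict]) -> list[Finding]:
    """Run every event through the rules and collect the findings."""
    return [f for ev in events for f in evaluate(ev)]

# Constructed telemetry: one benign OneDrive call, then an exploit-like sequence from poc.exe.
SAMPLE_EVENTS = [
    {"type": "device_ioctl", "image": "OneDrive.exe", "integrity": "Medium", "device": HSM_DEVICE, "ioctl": HSM_OP_CREATE_PLACEHOLDERS},
    {"type": "device_ioctl", "image": "poc.exe", "integrity": "Medium", "device": HSM_DEVICE, "ioctl": HSM_OP_CREATE_PLACEHOLDERS},
    {"type": "file_create", "image": "poc.exe", "user": "bob", "path": r"C:\Users\bob\stage\link", "reparse_tag": 0x9000101A},
    {"type": "file_create", "image": "poc.exe", "user": "bob", "path": r"C:\Windows\System32\rasmxs.dll"},
    {"type": "file_create", "image": "TiWorker.exe", "user": "SYSTEM", "path": r"C:\Windows\System32\ntdll.dll"},
]
```

Running hunt(SAMPLE_EVENTS) yields three findings, one per indicator, and nothing for the OneDrive or servicing-stack events; the allowlist and the integrity-level field are the two knobs to tune against your own baseline.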

General hardening and defense in depth

The Microsoft Defender for Endpoint ASR rules blocking the creation of child processes by Office applications, code injection into other processes, and the creation of executable content by Office applications remain relevant to limit attack chains culminating in MiniPlasma. For at-risk environments (VDI, RDS servers, shared hosting), strict application of the least privilege principle on user accounts reduces the value of a local SYSTEM elevation but does not prevent it.

Anticipating the next Patch Tuesday

Microsoft has substantially reduced the standard window between the publication of a public PoC and the publication of a fix for exploitable kernel vulnerabilities. CVE-2025-62221 was fixed in the Patch Tuesday of the month following its in-the-wild discovery. With MiniPlasma published on May 15, 2026, three days after the Patch Tuesday of May, the fix is to be anticipated for the Patch Tuesday of June 2026 (June 10, 2026). Organizations should integrate this deadline into their maintenance planning, considering that the disclosure announced by Chaotic Eclipse for this same Patch Tuesday of June could introduce additional constraints.

07

What MiniPlasma reveals, beyond the driver

Three lessons emerge from this disclosure, to varying degrees depending on whether the technical hypotheses are confirmed.

The first lesson, independent of the exact nature of the MiniPlasma flaw, is the progressive exhaustion of Microsoft’s vulnerability communication model. The repetition of Chaotic Eclipse disclosures, the documented in-the-wild exploitation of CVE-2025-62221 before patch, and the cadence of discoveries on cldflt.sys in less than two years, paint a picture in which the practice of silent patching, the lack of technical detail in MSRC advisories, and the absence of published IOCs for in-the-wild exploited vulnerabilities, create an operational information deficit for defenders. Whatever the quality of Microsoft’s internal technical work, this deficit feeds the adversarial dynamic documented by Chaotic Eclipse.

The second lesson, conditional on the silent regression hypothesis, is the fragility of the implicit assumption that a published fix remains effective over time. This assumption underpins the entire classical vulnerability management doctrine: a patch applied, flagged as corrective in an advisory, is deemed to close an exposure. If MiniPlasma demonstrates that a patch can vanish through successive refactorings without any communication being issued, the very fundamentals of vulnerability tracking are called into question. CISOs and vulnerability management program owners will then have to envisage an approach based on continuous verification rather than trust in patching history.

The third lesson, structural, concerns the fragility of cldflt.sys as a subsystem. Four CVEs in 18 months, one of them a 0-day exploited in-the-wild, another a bypass of an old patch, and now a fifth claim against the same driver. The component clearly has an attack surface that researchers continue to unwind successfully. For CISOs heavily using OneDrive and SharePoint in enterprise environments, the question of whether reliance on OneDrive Cloud Files remains compatible with the required security posture is being posed in new terms. For at-risk environments, the preventive disabling of the driver when functionally possible becomes an option to seriously consider, without waiting for the occurrence of a new incident.

An update to this analysis will be published once the MiniPlasma PoC is independently confirmed and the technical diff between the vulnerable version and the original CVE-2020-17103 patch is published. The disclosure announced by Chaotic Eclipse for the Patch Tuesday of June 2026 will also be covered on this blog. CERT, CSIRT and VOC readers are invited to integrate MiniPlasma into their threat hunting scenarios pending these clarifications, by prioritizing the behavioral indicators mentioned in section 6 rather than signatures specific to the current PoC, which may evolve rapidly after community reverse engineering.

Sources and references

(1) Chaotic Eclipse, deadeclipse666 blog, "MiniPlasma, a powerful LPE", PGP-signed message, May 15, 2026, deadeclipse666.blogspot.com
(2) GitHub, Nightmare-Eclipse/MiniPlasma, public repository containing the privilege escalation PoC targeting cldflt.sys, _SiCk / Chaotic Eclipse, May 15, 2026, github.com/Nightmare-Eclipse/MiniPlasma
(3) James Forshaw, Project Zero, "Hunting for Bugs in Windows Mini-Filter Drivers", analysis of CVE-2020-17103, 17134, 17136, 17139, January 2021, googleprojectzero.blogspot.com
(4) Microsoft Security Response Center, CVE-2020-17103, "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability", December 2020, msrc.microsoft.com
(5) Michele Campa, Exodus Intelligence, "Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation", analysis of CVE-2025-55680, October 20, 2025, blog.exodusintel.com
(6) Microsoft Security Response Center, CVE-2025-62221, "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability", 0-day exploited in-the-wild, December 9, 2025, msrc.microsoft.com
(7) Howard Solomon, CSO Online, "December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited", December 10, 2025, csoonline.com
(8) Cybersecurity News, "Windows Cloud Files Mini Filter Driver 0-Day Vulnerability Exploited in the Wild to Escalate Privileges", December 10, 2025, cybersecuritynews.com
(9) RedLegg, Security Bulletin: "Windows Cloud Files Mini Filter Driver Privilege Escalation (Use-After-Free), CVE-2025-62221", December 2025, redlegg.com
(10) blog.marcfredericgomez.fr, "BitLocker is no longer a promise: what the YellowKey case reveals", May 14, 2026, blog.marcfredericgomez.fr
(11) blog.marcfredericgomez.fr, "CVE-2026-40361: zero-click use-after-free vulnerability in the Outlook rendering engine (wwlib.dll)", May 15, 2026, blog.marcfredericgomez.fr