Signal
Researcher resurfaces unpatched Windows exploits including SYSTEM-level and BitLocker bypass
Published 2026-05-17 22:30 UTC · Updated 2026-05-18 12:04 UTC
Tags: cve, exploit, windows, incident_response
Overview
A Windows elevation-of-privilege vulnerability affecting the Cloud Filter driver (cldflt.sys), originally reported in 2020, has been rediscovered and weaponized as the MiniPlasma exploit, capable of gaining SYSTEM privileges on fully patched Windows systems.
Entities
Microsoft, MiniPlasma, YellowKey, Nightmare Eclipse, James Forshaw, Agnidipta Sarkar
Score total: 1.13
Momentum 24h: 3
Posts: 3
Origins: 3
Source types: 1
Duplicate ratio: 0%
Why now
- MiniPlasma exploit was recently released publicly, demonstrating active threat potential.
- YellowKey zero-day exploit disclosure raises immediate concerns for Windows 11 users.
- Both exploits underscore the urgency for improved vulnerability management and incident response.
Why it matters
- Legacy Windows vulnerabilities can remain exploitable years after patches, risking system compromise.
- BitLocker bypasses threaten disk encryption protections critical for organizational security.
- Highlights gaps in patch management and regression testing in Windows security lifecycle.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
- MiniPlasma exploit works on fully patched Windows systems to gain SYSTEM privileges via a 2020 Cloud Filter driver vulnerability.
- YellowKey is a zero-day exploit bypassing Windows 11 BitLocker encryption requiring physical access.
How sources frame it
- CSO Online: neutral
- SecurityWeek: neutral
- Schneier On Security: neutral
This briefing highlights the resurfacing of a long-standing Windows privilege escalation vulnerability and a new BitLocker bypass exploit, both published by the same researcher, emphasizing ongoing Windows security...
All evidence
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
CSO Online · csoonline.com · 2026-05-18 12:04 UTC
Zero-Day Exploit Against Windows BitLocker
Schneier on Security · schneier.com · 2026-05-18 11:08 UTC
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
SecurityWeek · securityweek.com · 2026-05-18 10:38 UTC
Posts loaded: 0 · Publishers: 3 · Origin domains: 3 · Duplicates: -
Top publishers (this list)
- CSO Online (1)
- Schneier on Security (1)
- SecurityWeek (1)
Top origin domains (this list)
- csoonline.com (1)
- schneier.com (1)
- securityweek.com (1)