CVE-2020-17103
Published Dec 10, 2020
Last updated 20 days ago
AI description
CVE-2020-17103 is an Elevation of Privilege vulnerability found in the Windows Cloud Files Mini Filter Driver (cldflt.sys). This flaw allows a locally authenticated attacker with low privileges to escalate their access to SYSTEM-level permissions on a vulnerable system. The vulnerability was initially disclosed and patched by Microsoft as part of their December 2020 Patch Tuesday release cycle. However, it has recently resurfaced in discussions among threat actors and in public exploitation guidance forums, leading to renewed attention on potential exploitation attempts against unpatched Windows environments.
- Description
- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Modified
- Products
- windows_10, windows_server_2016, windows_server_2019
CVSS 3.1
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
- Hype score
- Not currently trending
Picus Security notes that MiniPlasma is a high-severity zero-day on Windows 11 and Server 2022/2025, enabling SYSTEM access via CVE-2020-17103 and thread token impersonation. https://t.co/jl2MB2h3Rx
@Cyber_O51NT
1 Jun 2026
697 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2020-17103 2 - CVE-2026-8507 3 - CVE-2026-3854 4 - CVE-2026-46333 5 - CVE-2025-54957 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 May 2026
382 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
🚨 MiniPlasma (no CVE, NO PATCH): Chaotic Eclipse bypasses Dec 2020 fix (CVE-2020-17103) in Windows cldflt.sys → SYSTEM on FULLY PATCHED Win 11 & Server 2025. PoC live on GitHub. No patch exists. Windows admins: monitor cldflt.sys NOW. #ZeroDay #Windows
@lyrie_ai
18 May 2026
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Turns out that the fix for the CVE-2020-17103 , the Cloud Filter HsmOsBlockPlaceholderAccess driver bug reported by @tiraniddo was never ported to Windows 11 / Server 2025 and still not fixed. LPE from user to SYSTEM 🤦♂️ https://t.co/NbwIz7eQcw
@decoder_it
18 May 2026
9310 Impressions
25 Retweets
93 Likes
43 Bookmarks
2 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2026-41089 2 - CVE-2023-38606 3 - CVE-2020-17103 4 - CVE-2026-46333 5 - CVE-2026-20182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
18 May 2026
159 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-42945 2 - CVE-2026-46333 3 - CVE-2020-17103 4 - CVE-2026-41089 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 MiniPlasma 5e divulgation publique non coordonnée de Chaotic Eclipse en 6 semaines. Cible : cldflt.sys (Cloud Files Mini Filter Driver). PoC : SYSTEM shell sur Windows 11 + Server 2025 entièrement patchés. Allégation extraordinaire : le patch CVE-2020-17103 serait abse
@marcfredericgo
16 May 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
6 yıl önce Microsoft'a bildirilen yetki yükseltme açığı halen aynı şekilde duruyor iddiası var. 2020 yılında bildiriliyor ve sözde CVE-2020-17103 olarak fixleniyor, ancak açığının halen var olduğu söylenmekte. Windows 11 ve Server 2025 de test edilmiş. https:
@ridvanyagli
16 May 2026
120 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
It's confirmed, CVE-2020-17103 patch is ineffective and the vulnerability still exists, A weaponized PoC can be found here - https://t.co/7hnamkLsS1 Tested against fully patched Windows 11 and Server 2025 machines.
@ChaoticEclipse0
16 May 2026
31456 Impressions
93 Retweets
387 Likes
205 Bookmarks
6 Replies
4 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]