CVE-2020-17103

Published Dec 10, 2020

Last updated 15 hours ago

CVSS high 7.0

Overview

AI description

Automated description summarized from trusted sources.

CVE-2020-17103 is an Elevation of Privilege vulnerability found in the Windows Cloud Files Mini Filter Driver (cldflt.sys). This flaw allows a locally authenticated attacker with low privileges to escalate their access to SYSTEM-level permissions on a vulnerable system. The vulnerability was initially disclosed and patched by Microsoft as part of their December 2020 Patch Tuesday release cycle. However, it has recently resurfaced in discussions among threat actors and in public exploitation guidance forums, leading to renewed attention on potential exploitation attempts against unpatched Windows environments.

Description
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Modified
Products
windows_10, windows_server_2016, windows_server_2019

Risk scores

CVSS 3.1

Type
Secondary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
7.2
Impact score
10
Exploitability score
3.9
Vector string
AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-269

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

28

  1. 🔴 MiniPlasma 5e divulgation publique non coordonnée de Chaotic Eclipse en 6 semaines. Cible : cldflt.sys (Cloud Files Mini Filter Driver). PoC : SYSTEM shell sur Windows 11 + Server 2025 entièrement patchés. Allégation extraordinaire : le patch CVE-2020-17103 serait abse

    @marcfredericgo

    16 May 2026

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 6 yıl önce Microsoft'a bildirilen yetki yükseltme açığı halen aynı şekilde duruyor iddiası var. 2020 yılında bildiriliyor ve sözde CVE-2020-17103 olarak fixleniyor, ancak açığının halen var olduğu söylenmekte. Windows 11 ve Server 2025 de test edilmiş. https:

    @ridvanyagli

    16 May 2026

    113 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. It's confirmed, CVE-2020-17103 patch is ineffective and the vulnerability still exists, A weaponized PoC can be found here - https://t.co/7hnamkLsS1 Tested against fully patched Windows 11 and Server 2025 machines.

    @ChaoticEclipse0

    16 May 2026

    30778 Impressions

    89 Retweets

    379 Likes

    197 Bookmarks

    6 Replies

    4 Quotes

Configurations

Related CVEs

  1. Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.CVE-2026-42825
  2. Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-41097
  3. Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.CVE-2026-41095
  4. Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.CVE-2026-41089
  5. Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-40415

References

Sources include official advisories and independent security research.