Summary
A zero-day exploit named 'MiniPlasma' allows local privilege escalation to SYSTEM on fully patched Windows systems by abusing a regressed vulnerability in the Cloud Filter driver. The flaw appears to be a re-emergence of CVE-2020-17103.
Take Action:
Until Microsoft releases a fix, restrict who can log in locally to your Windows machines (especially shared workstations, VDI, and jump servers) and use AppLocker or Windows Defender Application Control to block the public MiniPlasma.exe exploit. On servers that don't need OneDrive/cloud file syncing, disable or remove the Cloud Files filter driver (cldflt.sys) to remove the vulnerable component entirely.
This article was originally published on BeyondMachines