MiniPlasma Windows Zero-Day Still Unpatched After June Patch Tuesday — SYSTEM Privilege Escalation Active on All Fully Patched Windows 11

The Nightmare Eclipse researcher's MiniPlasma zero-day—which grants SYSTEM-level privilege escalation on fully patched Windows 11 via a flaw in the Cloud Files Mini Filter Driver (cldflt.sys)—was not patched in Microsoft's June 2026 Patch Tuesday despite active exploitation in the wild. Microsoft's June update fixed three other zero-days from the same researcher's wave (GreenPlasma/CTFMON, YellowKey/BitLocker, HTTP/2 Bomb) but left MiniPlasma unaddressed; BleepingComputer previously confirmed the exploit works on the latest Windows 11 Pro with a standard user account. The vulnerability revives a supposedly-fixed 2020 CVE, and the r/cybersecurity community flagged today that no patch appeared in the June release notes.