Unpatched Windows zero-day from 2020 gives hackers full system access

A security researcher by the name of Nightmare-Eclipse (also known as Chaotic Eclipse) has warned of a critical security vulnerability in Windows 11 that could be exploited by hackers to gain full access to any system.

This particular security vulnerability was actually discovered six years ago and was assigned the designated identifier CVE-2020-17103. In December 2020, Microsoft claimed to have patched it—but they don’t appear to have done a good enough job.

To demonstrate how dangerous this threat can be, Nightmare-Eclipse has created a proof-of-concept exploit called MiniPlasma, which spawns a shell with system-level privileges.

“After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched. I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,” writes Nightmare-Eclipse on the GitHub page for MiniPlasma.

Nightmare-Eclipse believes this vulnerability is present in all versions of Windows. And while it appears to be reliably hackable, he does mention that success rates can vary due to a race condition.

This security researcher seems to have a bone to pick with Microsoft, releasing proof-of-concept exploits on more than one occasion. Last month, he released a different exploit that brought attention to the RedSun vulnerability in Microsoft Defender.

Tip: Whether you keep your Windows up to date, you need proper antivirus protections if you want your PC to remain secure and private. Check out our picks for the best antivirus software for Windows as well as best VPN services to stay ahead of security problems.