A researcher has claimed a proof-of-concept exploit related to an older Windows vulnerability may still function on updated systems, though this has not been independently verified or officially confirmed by Microsoft.
Security researcher Chaotic Eclipse, also known as Nightmare Eclipse, has revealed a new vulnerability called “Mini Plasma” that impacts fully patched Windows 11 systems with the May 2026 updates installed. The flaw can grant attackers SYSTEM-level access, and the researcher published both the exploit code and a working proof-of-concept on GitHub, alleging that Microsoft did not completely resolve a related vulnerability first identified in 2020.
The flaw was first identified six years ago by James Forshaw from Google Project Zero. Microsoft later issued a fix for the issue, tracking it as CVE-2020-17103, an Elevation of Privilege vulnerability rated 7.0 on the CVSS scale. Yet, according to Nightmare Eclipse, the original proof-of-concept exploit created by Google Project Zero still executed successfully without any modifications after being tested again following a tip from another researcher.
In a post on GitHub, the researcher questioned whether the vulnerability had ever been properly resolved or if the original patch had later been rolled back silently for undisclosed reasons.
If the researcher’s claims are accurate, and the 2020 fix was effectively undone or reverted without public disclosure, it would represent a significant concern regarding Microsoft’s vulnerability management practices and patch governance.
Microsoft is often criticized for being associated with a large number of reported vulnerabilities, though this perception is partly influenced by the sheer scale of its software ecosystem. With such widespread usage and complexity, its products naturally attract more security findings compared to smaller platforms, making direct comparisons with other vendors less straightforward.
With the rise of AI, we are also seeing a notable increase in reported vulnerabilities. Cases like this, where a new issue appears to be connected to an older, previously patched vulnerability – raise concerns about whether current security practices are truly prepared for the evolving landscape of vulnerability discovery in the AI era.
