Signal Update: Unpatched Windows zero-day from 2020 gives hackers full system access

According to the latest update, a security researcher by the name of Nightmare-Eclipse (also known as Chaotic Eclipse) has warned of a critical security vulnerability in Windows 11 that could be exploited by hackers to gain full access to any system.

As part of the ongoing story, in December 2020, Microsoft claimed to have patched it—but they don’t appear to have done a good enough job. This particular security vulnerability was actually discovered six years ago and was assigned the designated identifier CVE-2020-17103.

According to the latest update, to demonstrate how dangerous this threat can be, Nightmare-Eclipse has created a proof-of-concept exploit called MiniPlasma, which spawns a shell with system-level privileges.

In a fresh development, i’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes,” writes Nightmare-Eclipse on the GitHub page for MiniPlasma. “After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched.

As part of the ongoing story, and while it appears to be reliably hackable, he does mention that success rates can vary due to a race condition. Nightmare-Eclipse believes this vulnerability is present in all versions of Windows.

The report highlights that last month, he dropped a different exploit that brought attention to the RedSun vulnerability in Microsoft Defender. This security researcher seems to have a bone to pick with Microsoft, releasing proof-of-concept exploits on more than one occasion.

The report highlights that check out our picks for the best antivirus programs for Windows as well as best VPN services to stay ahead of security problems. Tip: Whether you keep your Windows up to date, you need proper antivirus protections if you want your PC to remain secure and private.

As part of the ongoing story, this article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.

The report highlights that he has previously worked with Macworld, but today mainly writes for our sister sites PC för Alla and M3. Mikael has a firm grasp on which gadgets are dropped, and what is happening with the streaming services and the most recent AI tools. Mikael writes news across all our consumer tech categories.