10 Critical Facts About the Unpatched Windows Zero-Day That Threatens Full System Access

In a shocking revelation, a security researcher has uncovered that a six-year-old Windows vulnerability, supposedly patched by Microsoft in 2020, remains exploitable today. Dubbed CVE-2020-17103, this flaw can grant hackers complete control over any system. Below are the ten essential things you need to know about this alarming threat, from its origins to how you can defend yourself.

1. The Vulnerability: CVE-2020-17103 at a Glance

First reported in 2020, CVE-2020-17103 is a privilege escalation vulnerability in Windows. If successfully exploited, it allows an attacker to elevate their privileges to the highest system level, effectively gaining full administrative access to the affected machine. This means they can install programs, view, change, or delete data, and create new user accounts with unrestricted rights. The flaw resides deep within the Windows kernel, making it particularly dangerous. Despite Microsoft initially issuing a patch in December 2020, recent research indicates the fix was either incomplete or reverted, leaving systems exposed to the same exploit six years later.

10 Critical Facts About the Unpatched Windows Zero-Day That Threatens Full System Access — Source: www.pcworld.com

2. Meet the Researcher: Nightmare-Eclipse (a.k.a. Chaotic Eclipse)

The vulnerability was brought to light by a security researcher known online as Nightmare-Eclipse, also going by Chaotic Eclipse. This individual has a track record of exposing flaws in Microsoft products. In their latest disclosure, they not only warned about the unpatched zero-day but also released a proof-of-concept exploit to demonstrate its severity. The researcher published their findings on GitHub with detailed documentation. Their work underscores the ongoing cat-and-mouse game between security researchers and software giants, where even long-standing issues can resurface with serious consequences.

3. Microsoft's Patch That Didn't Stick

Let's go back to December 2020: Microsoft rolled out a security update meant to fix CVE-2020-17103. However, according to Nightmare-Eclipse's analysis, the patch did not eliminate the root cause. They suspect two possibilities: either Microsoft never actually applied the fix correctly, or the patch was silently rolled back during a later update for unknown reasons. Either way, the same vulnerability that was originally reported by Google Project Zero still exists in current versions of Windows 11 and 10, as well as older builds. This failure to permanently resolve the flaw leaves a massive attack surface for malicious actors.

4. The MiniPlasma Exploit: Proof That It Works

To confirm the danger, Nightmare-Eclipse created an exploit called MiniPlasma. This proof-of-concept tool spawns a command shell with system-level privileges—the highest possible—when executed on a vulnerable machine. The exploit is openly shared on GitHub, serving both as a warning and a research resource. By demonstrating the flaw in action, the researcher pressures Microsoft to take action. For now, any user running an unpatched Windows version is theoretically at risk, with attackers able to use similar methods to achieve full system compromise.

5. Origin Story: Google Project Zero's Discovery

Interestingly, CVE-2020-17103 was originally reported to Microsoft by Google Project Zero, a team of elite security analysts dedicated to finding zero-day vulnerabilities. Their initial proof-of-concept worked seamlessly—and as Nightmare-Eclipse discovered, the same code still works today with zero modifications. This indicates that the original vulnerability was never truly neutralized. The involvement of Project Zero adds a layer of credibility and urgency, as their findings are typically severe and well-vetted. That such a dangerous flaw remains live is a major embarrassment for Microsoft.

6. Why It Remains Unpatched: Theories Explored

Nightmare-Eclipse has put forward two leading theories. The first is that Microsoft simply never patched the vulnerability in the first place—perhaps the fix was deemed too difficult or risky. The second theory suggests the patch was silently rolled back during a cumulative update, possibly due to compatibility issues or an oversight. Without official word from Microsoft, the true cause is unknown, but the effect is clear: millions of Windows devices are susceptible to a known, documented exploit. This situation highlights the complexities of maintaining legacy code and the importance of thorough regression testing.

7. The Race Condition Factor

Like many privilege escalation exploits, MiniPlasma relies on a race condition to succeed. This means the exploit must win a timing battle with the operating system to manipulate memory states. As a result, success rates are not 100%—the researcher notes that exploitation can vary depending on system load and hardware. While this might sound like a saving grace, determined attackers can run the exploit multiple times until it works. Moreover, even a partial success rate poses a significant threat in targeted attacks. The race condition does, however, make mass exploitation less reliable.

8. Which Windows Versions Are at Risk?

Nightmare-Eclipse states that the vulnerability is present in all versions of Windows, including Windows 11, Windows 10, and older builds like Windows 8.1 and Windows 7 (if still supported). Since the core kernel issue remains unchanged across updates, no Windows user is safe from the potential of exploitation. This widespread impact means that enterprises, governments, and individual users alike must take the threat seriously. The lack of an official patch for such a broad range of operating systems is unprecedented and alarming.

9. A Pattern of Exploit Releases

This is not the first time Nightmare-Eclipse has publicly embarrassed Microsoft. Last month, the researcher released a separate exploit that exposed the RedSun vulnerability in Microsoft Defender, the company's built-in antivirus. This pattern suggests a deliberate campaign to highlight systemic security issues in Microsoft products. By consistently providing working exploits on GitHub, the researcher forces the public and press to pay attention. Whether this approach is helpful or harmful is debated, but it undeniably puts pressure on Microsoft to improve its patching processes.

10. How to Protect Yourself from Unpatched Zero-Days

While waiting for Microsoft to release a definitive fix, users must take proactive steps. First, keep Windows Update enabled so you receive any emergency out-of-band patches. Second, invest in reputable third-party antivirus software—our picks for the best antivirus for Windows offer robust protection against exploits. Third, consider using a VPN to secure network traffic. Additionally, practice good security hygiene: limit user privileges, enable firewall settings, and avoid running untrusted executables. Until Microsoft addresses CVE-2020-17103 permanently, vigilance is your best defense.

Conclusion

The re-emergence of CVE-2020-17103 is a stark reminder that even “patched” vulnerabilities can remain active. Microsoft’s failure to fully close this six-year-old flaw leaves every Windows user at risk of a full system takeover. By understanding the ten facts above—from the original discovery to the unpatched state and the practical steps for protection—you can better safeguard your digital life. Stay alert, keep your security tools updated, and demand accountability from software vendors. The threat is real, but with awareness comes resilience.

Tags: