19 May 2026
1. What is being reported?
Researchers have discovered a 'zero-day' vulnerability in Windows, meaning it was unknown to Microsoft and has no official fix yet. This flaw allows attackers to escalate their access rights to 'SYSTEM' level, which is the highest level of control on a Windows computer.
2. What this means in plain English
If exploited, this flaw could let a hacker take over your computer completely, potentially accessing sensitive information or installing harmful software. This risk exists even if your Windows system is fully patched and up to date.
3. Could this affect a small business?
Any small business or organisation using Windows computers could be affected, especially if it allows users to run software or open files from unknown sources. Organisations that do not use Windows, or that have strong security controls, may be less at risk.
4. What to do now
- Avoid opening unexpected or suspicious files and links, especially from unknown senders.
- Install Windows updates promptly once Microsoft releases a fix.
- Use antivirus and anti-malware software and keep it up to date.
- Ask your IT provider about any temporary protections or workarounds until a patch is available.
5. Ask your IT provider
Can you confirm if our Windows systems are protected against the new MiniPlasma zero-day privilege escalation vulnerability, and what steps are being taken to secure us until a patch is released?
6. Bottom line
This is a serious Windows security flaw that needs prompt attention; stay cautious and work with your IT support to protect your systems.
Information based on reputable security reporting and CISA KEV.