As discovered by BleepingComputer, a massive security hole has been found in Windows 10 and Windows 11 that allows local account users to access sensitive account information of both local and administrator accounts. The issue extends to the point where local accounts can change the passwords of admin accounts, giving potential attackers full access to the PC.
The problem lies in Microsoft’s security rules assigned to the Windows Registry and the Security Account Manager (SAM). Both, for some reason, have reduced restrictions that allow any local user to fully access the files without administrator privileges.
This is even more critical for the Security Account Manager, which holds all the account data, including passwords, of all users on the PC. Giving local users access to this private information can allow attackers to log into one of the administrator accounts for full control of the PC.
Luckily, you can’t just access the Windows Registry files at your leisure: those files are always in use while Windows is running, so you can’t view them while Windows is using them.
But the workaround to this “problem” is to access the Windows Shadow Volume, which serves as a backup of the Windows Registry and SAM files.
Microsoft is aware of the matter and is tracking it as CVE-2021-36934. It has published a complete workaround for the issue, which involves restricting access to %windir%\system32\config and deleting any restore points or shadow volumes that were created before that point, until the hole is plugged with an official security patch.
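To check whether a machine is in the state described above, the following read-only audit (an added example, not taken from the article or from Microsoft's advisory) reports whether BUILTIN\Users can read the registry hive files and lists the shadow copies present on the host. It assumes an elevated PowerShell prompt; the variable names are illustrative.

```powershell
# Added example: read-only audit for the CVE-2021-36934 condition. Changes nothing.
# Assumption: run from an elevated PowerShell prompt on the host being checked.

$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'

# Well-known SID of BUILTIN\Users; matching on the SID avoids localized group names.
$usersSid  = 'S-1-5-32-545'
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType   = [System.Security.Principal.SecurityIdentifier]

$exposed = foreach ($name in $hives) {
    $path = Join-Path $configDir $name
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        Write-Warning "Could not read ACL of ${path}: $($_.Exception.Message)"
        continue
    }
    # Enumerate explicit and inherited ACEs, with identities resolved to SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                Hive      = $path
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if ($exposed) {
    Write-Output 'EXPOSED: BUILTIN\Users has read access to these hive files:'
    $exposed | Format-Table -AutoSize
} else {
    Write-Output 'OK: BUILTIN\Users has no read access to SAM, SYSTEM or SECURITY.'
}

# A shadow copy keeps the ACLs that were in force when it was taken, so list
# them all: any created before access was restricted still needs deleting.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
Write-Output "Shadow copies on this host: $($shadows.Count)"
$shadows | Sort-Object InstallDate |
    Select-Object ID, InstallDate, VolumeName | Format-Table -AutoSize
```

Compare each shadow copy's InstallDate with the time access to the config directory was restricted; copies older than that are the ones the workaround says to delete.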