The weakness of Windows 10 is that it allows anyone to enjoy the privileges of an administrator
A new vulnerability has been identified in Windows 10 that allows anyone to enjoy administrator privileges. Due to the vulnerability, some files associated with the Windows registry are bound to have file access issues. In particular, security researchers have shown that anyone can access data stored in the Security Account Manager (SAM) file in Windows 10.
The SAM file contains user credentials for the user on the computer, so naturally, it should have no boundaries. However, as observed by security researcher Jonas Lekegard (via) Sleeping computer), The SAM file can actually be retrieved by anyone. You may not notice normally because the file is used permanently by Windows, making it inaccessible to users. But in Windows 10, these vulnerabilities open up bugs.
Windows backs up these files when making shadow copies of a drive, and these backup files are no longer in use. Because they still have the same permissions, any user on the computer can access a supported SAM file and view login credentials for other users. This includes administrators, so you can easily log in to an account that has administrator privileges. You can see an example of a user looking for a hash NTLM password using this user permission monitor in the video below. The user can then change the password and use the new task to perform a task that requires administrator privileges.
This threat was apparently introduced with Windows 10 version 1809 when Microsoft changed the permissions in registry files. Although this vulnerability is still present in Windows 10 version 20H2, it seems that this is the only situation if you upgrade to this version. According to security analyst Will Dorman, this risk does not exist if you install Windows 10 version 20H2.
This limits the risk to some extent. You’ll need to make a shadow copy of your drive in the past so you have accessible SAM files, and not many people do. You also have to keep your computer for a while without a clean install. Regardless, this is a major oversight that can lead to serious problems. It is hoped that Microsoft will soon be able to implement this on existing machines. Most recently, a vulnerability was discovered in the Windows Print Splitter service, which was second in a month.