Windows 10 and Windows 11 vulnerability lets any user access admin privileges

Windows 10 and Windows 11's password registries left open to lower-level users on your gaming PC

Just because another user on your computer doesn’t have admin privileges doesn’t mean your PC is safe from hostile takeovers. BleepingComputer highlights a zero-day security flaw in both Windows 10 and the recently announced Windows 11 that lets secondary accounts take master control over the system.

Currently, non-admin users are able to access the shadow volume copies of registry files relating to the Security Account Manager (SAM), a database that contains both usernames and passwords for local accounts on the operating system. Any malicious user could then grab the hashed passwords of accounts with higher privileges, and grant themselves unfettered control over the OS.

Microsoft has already responded to the vulnerability, stating that it affects anyone running Windows 10 version 1809 and up. While it hasn’t released a full update to fix the security flaw yet, it has listed a number of workarounds on its site if you’re concerned. These include restricting access to the directory that contains the SAM, or deleting your shadow copy of Windows. The latter could give you a headache if you need to restore Windows back to an earlier point, however.
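
A defender's check for the two conditions described above, as an added PowerShell example that is not from the article or from Microsoft: it reports whether the registry hive files grant read access to standard users and lists the shadow copies present on the machine. The function names are hypothetical, it assumes an elevated prompt, and it goes slightly beyond the text by also checking the SYSTEM and SECURITY hives stored beside the SAM.

```powershell
# Added example. Run from an elevated PowerShell prompt on the machine being checked.
# Well-known SIDs of groups that include standard users (locale-independent).
$broadSids = 'S-1-5-32-545',   # BUILTIN\Users
             'S-1-1-0',        # Everyone
             'S-1-5-11'        # NT AUTHORITY\Authenticated Users
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]

function Test-HiveExposure {   # hypothetical helper name
    param([string]$ConfigDir = (Join-Path $env:windir 'System32\config'))

    foreach ($hive in 'SAM', 'SYSTEM', 'SECURITY') {
        $path = Join-Path $ConfigDir $hive
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            # Report the failure instead of silently treating the hive as safe.
            [pscustomobject]@{ Hive = $hive; Exposed = $null
                               Detail = "ACL unreadable: $($_.Exception.Message)" }
            continue
        }
        # Explicit and inherited Allow entries that let a broad group read file data.
        $weak = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $readData) -ne 0)
        })
        [pscustomobject]@{
            Hive    = $hive
            Exposed = ($weak.Count -gt 0)
            Detail  = ($weak | ForEach-Object {
                          "$($_.IdentityReference.Value): $($_.FileSystemRights)" }) -join '; '
        }
    }
}

function Get-ShadowCopySummary {   # hypothetical helper name
    # A shadow copy is a read-only snapshot, so it keeps the file permissions
    # that were in place when it was taken.
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop |
        Select-Object ID, VolumeName, InstallDate
}

Test-HiveExposure | Format-Table -AutoSize
Get-ShadowCopySummary | Format-Table -AutoSize
```

A row with `Exposed` set to `True` means standard users can read that hive file, and any shadow copy listed was taken with whatever permissions applied at its `InstallDate`.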

We wouldn’t worry too much about this vulnerability on your private gaming PC, however. Unless someone in your house gains access to your computer locally, attackers would need to somehow access your desktop remotely to take advantage of the bug – this isn’t easy, either, often requiring malware.

You can prevent that from happening by taking basic steps such as avoiding dodgy-looking email attachments, installing a solid antivirus program, and never letting anyone you don’t 100% trust take remote control of your PC.