VU#506989: Microsoft Windows 10 gives unprivileged user access to SAM, SYSTEM, and SECURITY files

Overview Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files. This can allow for local privilege escalation (LPE). Description Starting with Windows 10 build 1809, the BUILTIN\Users group is given RX permissions to the following files: c:\Windows\System32\config\sam c:\Windows\System32\config\system c:\Windows\System32\config\security If a VSS shadow copy of the system drive is available, a non-privileged user may leverage access to these files to achieve a number of impacts, including but not limited to:...