Blog | G5 Cyber Security

Easily exploitable unpatched Windows privilege escalation flaw revealed (CVE-2021-36934)

A researcher who goes by the Twitter handle @jonasLyk has unearthed an easily exploitable vulnerability (CVE-2021-36934) in Windows 10. The vulnerability stems from the fact that non-administrative users can read the vulnerable host's SAM (Security Accounts Manager), SYSTEM, and SECURITY Windows Registry hive files. Microsoft has advised two temporary workarounds: restricting access to the contents of %windir%\system32\config and deleting Volume Shadow Copy Service (VSS) shadow copies.

Source: https://www.helpnetsecurity.com/2021/07/21/cve-2021-36934/
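
A host can be audited for the condition described above with the following PowerShell check, which is an added example and not part of the original article. It assumes an elevated prompt and uses the well-known SID S-1-5-32-545 for BUILTIN\Users; the commands in the closing comments are the ones Microsoft's advisory gives for the two workarounds.

```powershell
# Audit for CVE-2021-36934: does BUILTIN\Users hold read access to the
# registry hive files, and do shadow copies of the volume exist?
$configDir = Join-Path $env:windir 'System32\config'
$hives     = 'SAM', 'SYSTEM', 'SECURITY'

# Match BUILTIN\Users by SID so the check also works on localized systems.
$usersSid = 'S-1-5-32-545'
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData

$exposed = foreach ($hive in $hives) {
    $path = Join-Path $configDir $hive
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on ${path}: $($_.Exception.Message)"
        continue
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $usersSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.FileSystemRights -band $readData)) {
            [pscustomobject]@{
                Hive      = $path
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Shadow copies keep the ACLs the files had when the snapshot was taken,
# so snapshots made before the ACL fix still need to be removed.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

if ($exposed) {
    $exposed | Format-Table -AutoSize | Out-String | Write-Output
    Write-Output "Hive files are readable by BUILTIN\Users; shadow copies present: $($shadows.Count)"
    # Workarounds, in this order, from an elevated command prompt:
    #   icacls %windir%\system32\config\*.* /inheritance:e
    #   vssadmin delete shadows /for=c: /Quiet
} else {
    Write-Output 'No Allow rule grants BUILTIN\Users read access to the hive files.'
}
```

Deleting shadow copies removes existing restore points, so plan for new ones to be created after the ACLs are corrected.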
