Israeli security researcher Alexander Korznikov has demonstrated that a local privileged user can even hijack the session of any logged-in Windows user who has higher privileges without knowing that user’s password. The trick works on almost all versions of Windows operating system and does not require any special privileges. The flaw works on every Windows version, even if the workstation is locked, according to the researcher. Microsoft does not deem it a security flaw as it requires local admin rights on the computer, and deems this is how its operating system is supposed to behave.
Source: https://thehackernews.com/2017/03/hack-windows-user-account.html