Just because another user on your computer doesn’t have admin privileges doesn’t mean your PC is safe from hostile takeovers. BleepingComputer highlights a zero-day security flaw in both Windows 10 and the recently announced Windows 11 that lets secondary accounts take master control over the system.
Currently, non-admin users are able to access the shadow volume copies of registry files relating to the Security Account Manager (SAM), a database that contains both usernames and passwords for local accounts on the operating system. Any malicious user could then grab the hashed passwords of accounts with higher privileges and grant themselves unfettered control over the OS.
Microsoft has already responded to the vulnerability, stating that it affects anyone running Windows 10 version 1809 and up. While it hasn’t released a full update to fix the security flaw yet, it has listed a number of workarounds on its site if you’re concerned. These include restricting access to the directory that holds the SAM file, or deleting your shadow copies of Windows. The latter could give you a headache if you need to restore Windows back to an earlier point, however.
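
To see whether a machine is exposed before applying either workaround, an administrator can check the permissions on the SAM file and list existing shadow copies. The script below is an added example, not taken from Microsoft's guidance or the original article; it assumes the SAM hive sits at its default location under `%windir%\System32\config` and that it is run from an elevated PowerShell prompt.

```powershell
# Added audit example; run from an elevated PowerShell prompt.
# Assumption: the SAM hive is at its default location under %windir%.
$samPath  = Join-Path $env:windir 'System32\config\SAM'
$usersSid = 'S-1-5-32-545'   # well-known SID of the local Users group
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData

# Resolve ACL entries to SIDs so the check also works on localized installs.
$acl   = Get-Acl -LiteralPath $samPath
$rules = $acl.GetAccessRules($true, $true,
             [System.Security.Principal.SecurityIdentifier])

# Keep only Allow entries that give the Users group read access to file data.
$exposed = @($rules | Where-Object {
    $_.IdentityReference.Value -eq $usersSid -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $readData) -ne 0
})

if ($exposed.Count -gt 0) {
    Write-Warning "Non-admin Users group can read $samPath"
    $exposed | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Output "Users group has no read access to $samPath"
}

# Shadow copies keep the permissions the file had when the snapshot was taken,
# so list them with their creation time for review.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies present.'
} else {
    $shadows | Sort-Object InstallDate |
        Format-Table ID, VolumeName, InstallDate -AutoSize
}
```

A warning from the first check together with any listed shadow copies means both conditions described above are present on that machine.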