A Twitter user has found and made public a Windows 10/11 vulnerability that exposes admin passwords to local users who can then escalate their privileges up to admin, giving them total system access. As he notes on his posts, he found that Windows Security Account Manager (SAM) data could be read by users with very limited privileges, giving them access to admin passwords. Microsoft apparently caught wind of the vulnerability and posted an Executive Summary of the issue on its Security Vulnerability page.