Researchers including @gentilkiwi, @jeffmcjunkin, and @wdormann are actively investigating Access Control List (ACL) misconfigurations in versions of Windows, including Windows 10 and Windows 11 clients. Windows Server does not currently appear to be affected. The misconfigurations allow read access to the Windows SAM (Security Account Manager), SYSTEM, and SECURITY files. Although Windows locks these files against local user access, the Volume Shadow Copy Service (VSS) can be used to bypass the file lock and obtain user passwords and computer private keys, create persistent “silver ticket” account access, etc.
Reports vary with the installation method, but fresh ISO installations of Windows 10 1809, 1909, 20H2 (original but not the June version), and 21H1 (Windows 11 insider) seem to be affected by this misconfiguration. Updating the affected versions currently does not remove the misconfiguration. Versions earlier than 1809 are not affected.
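To check whether a given client carries the misconfiguration described above, the following PowerShell audit inspects the ACLs on the three hive files and reports whether any shadow copies exist. It is an added example, not code from the researchers named here; it assumes the over-broad entry is an Allow grant of read access to the BUILTIN\Users group (well-known SID S-1-5-32-545) and that the hives sit in the default `System32\config` directory.

```powershell
# Added example: audit the ACLs on the hive files named in the text above.
# Assumption: the misconfiguration shows up as an Allow ACE that gives
# BUILTIN\Users (well-known SID S-1-5-32-545) read access to the file.
$usersSid  = 'S-1-5-32-545'
$readData  = [System.Security.AccessControl.FileSystemRights]::ReadData
$configDir = Join-Path $env:SystemRoot 'System32\config'

$results = foreach ($hive in 'SAM', 'SYSTEM', 'SECURITY') {
    $path = Join-Path $configDir $hive
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        # Ask for SIDs instead of names so the check works on localized Windows.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        $hit = $rules | Where-Object {
            $_.IdentityReference.Value -eq $usersSid -and
            $_.AccessControlType -eq 'Allow' -and
            [int]($_.FileSystemRights -band $readData) -ne 0
        }
        [pscustomobject]@{
            File         = $path
            UsersCanRead = [bool]$hit
            Rights       = ($hit.FileSystemRights -join '; ')
        }
    } catch {
        # A standard user cannot read the ACL of a correctly protected hive,
        # so an access error here is reported rather than treated as a finding.
        [pscustomobject]@{
            File         = $path
            UsersCanRead = $null
            Rights       = "ACL unreadable: $($_.Exception.Message)"
        }
    }
}
$results | Format-Table -AutoSize

# The text names VSS as the way around the file lock, so also report
# whether this machine currently holds any shadow copies.
try {
    $count = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop).Count
    "Shadow copies present: $count"
} catch {
    'Shadow copy count unavailable (run elevated to query Win32_ShadowCopy).'
}
```

Run it from an elevated prompt for a complete result; a `UsersCanRead` value of `True` on any of the three files marks the host as affected.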