Both of the vulnerabilities can be exploited by hackers to give non-admin users full access to the respective operating system.
The Windows exploit was discovered by security researcher Jonas Lykkegaard, who shared his findings on Twitter. Lykkegaard discovered that the Windows 10 and 11 registry files associated with the Security Account Manager (SAM) are accessible to the “User” group, which has minimal access privileges on a computer.
The SAM is a database that stores user accounts and account descriptors. With this bug, malicious actors could, according to Microsoft, “…Install programs; view, change, or delete data; or create new accounts with full user rights.”