This bug is pretty novel as far as I'm aware.
A recent update to Windows means that non administration users can access partition and volume device objects which bypasses the usual file restrictions on special files like SAM/Security files.
Easily tested using 7-zip as it natively supports direct access.
Strangely, Microsoft took a bit of prodding to acknowledge this issue[1].
[1]
https://twitter.com/jonasLyk/status/1316130500667412482