neowin[.]net/news/microsoft-provides-workaround-for-hivenightmare-registry-vulnerability-that-affects-windows-10-and-11/
kb.cert[.]org/vuls/id/506989
Starting with Windows 10 build 1809, non-administrative users are granted read access to files in the %windir%\system32\config directory. This can allow for local privilege escalation (LPE).
Microsoft says it isn't being exploited by cybercriminals, yet -- now that it's published they may be quick to take advantage. It allows privilege escalation, which means it won't allow hackers to access your system, but once they're there it potentially allows them greater access to do more damage. It's not uncommon for cybercriminals to combine exploits taking advantage of different vulnerabilities, for example one to gain limited access, then another to escalate their privileges so they can do more.
In this case the problem is that access to the registry files, and shadow copies of those files is not restricted. The workaround to fix this is easy enough, and well explained at the 2nd link, but it does involve a bit of copy/paste to a command prompt running as admin. Search for cmd, or it's under System Tools in the Win10 20H1 Start Menu -- in the Start menu, right click the Command Prompt shortcut, scroll down to more, and click Run as Admin.