Hacker News

In the video they demonstrated that they're NOT local admin. The machine was set to automatically install updates; all they had to do was hit the "restart" button to start the automatic installation.

They were then able to use a key combination to give them SYSTEM level access from a normal user account. This is absolutely an elevation exploit, and the fact it bypasses BitLocker during an in-place upgrade is a little disturbing.

This bug likely isn't impactful for home users, but for enterprise-style systems (in particular in education) it has a big impact. Now every regular user can trivially become a local admin user. Problematic.


