Possibly I am missing something, but the use of volume shadow copies or direct (RAW) disk access to retrieve particular files that are "in use" is a long time established possibility.
Extents and Rawcopy were initially written several years ago:
The vulnerability here is that regular non-administrator users can also read sensitive registry hives from the shadow copy. This allows for local privilege escalation exploits.
I see, thanks, I never tested the mentioned programs as a non-Admin user, though the mechanism (if the shadow copies are used) is seemingly the same, so if the BUILTIN/USERS are authorized, they may work as well (and not only on Windows 10).
I guess one way to phrase it would be "the ACLs on the registry files were always overly permissive, but nobody noticed until now because trying to read them the obvious way failed with 'file in use'"