What is the key difference in permissions between modifying HKCU and HKCR registry keys?
Modifying keys under `HKCU:\Software\Classes\` requires only standard user permissions, while modifying the corresponding keys under `HKCR` (which is an alias for `HKLM\Software\Classes`) requires administrator privileges. This asymmetry allows a standard user to indirectly modify high-privilege registry paths by writing to `HKCU`, because the system synchronizes the values from `HKCU` to `HKCR` for keys that already exist under `HKCR`. This is a core concept of userland registry hijacking.
permissionsstandard useradministratorHKCUHKCRregistry synchronization
Source:Userland registry hijacking