When creating a new file on an NTFS drive it's possible to circumvent security checks for setting an arbitrary owner and mandatory label leading to a non-admin user setting those parts of the security descriptor with non-standard values which could result in further attacks resulting privilege escalation.
9f879ee71e885a24959ae7270d898aeb86356fd6f7338f21bc7cc2accad3c7a8