It’s a configuration flaw. explorer.exe should not be treated as ‘trusted application’ and c:\windows* should be protected.