This can be a remote exploit that is more effective than brute force (and why bother when you could just pass the hash). Also allows you to steal domain-level credentials instead of just local. But yeah, cracking the passwords on a local machine is easy since they use the same crappy hashing algorithm they did 20 years ago. Windows "security" truly is a nightmare and it is yet another reason most infrastructure runs on the superior *nix-based operating systems.