
You don't have anything of value on that machine, at least not yet. The user entered their Windows login creds into the fake prompt, but the Windows partition itself is still encrypted.

Now, if this is a Microsoft account whose login creds you've stolen, and if the user doesn't have 2FA set up on their account / you are in a position to manipulate them into allowing the 2FA, then yes you can get into their Microsoft Account and access the data there. And if the recovery key is easily extractable from there as AshamedCaptain said in their comment, then yes you have access to the encrypted disk too. And of course if they reused those creds on other websites you have those too, yada yada.

But still, we are still talking about default configurations, right? You still haven't addressed my point that this evil maid attack already works on any machine where the UEFI isn't password-protected by default.



... or you can just log in on the device itself (which I certainly hope doesn't require today's crappy 2FA to work, unless you have something like a YubiKey).

Yes, that is still an issue - for now. Which is arguably why these steps are being made. To close that hole one step at a time.


So just to be clear, the hole you're hoping to be closed is not Lenovo's "Allow UEFI CA" checkbox. The hole you're hoping to be closed is a) the ability to change the CAs at all, and b) the ability to disable SB. In other words you're hoping for hardware that can only boot Windows in perpetuity, nothing else.

It's fine if that's what you're hoping for, but I just want you to be aware of that in case you weren't already.


Yeesh, no. I'm against it.

But I do think it is reasonable for a "Windows PC" (one where the device is sold with Windows preinstalled) to only be able to boot Windows by default, as that is what will benefit the absolute vast majority of users (though to be fair, there is plenty of lower-hanging fruit than the boot process for most users).

But it is wholly unreasonable for the owner of the PC not to be able to disable that by themselves (without internet access or anything). If the solution to that is to require a UEFI password to be set up (perhaps Windows could set the UEFI password to the same as the main user's if it hadn't already been set), and resetting the UEFI password would wipe any encryption keys in the TPM, that is fine (as long as the option to reset the UEFI password exists).

And further, not allowing the owner the control to dual-boot windows and any other OS is also wholly unreasonable (but I'm fine with the owner having to enable it in UEFI first).


Not to mention that you can use Windows itself as a base OS for your credentials phishing input screen.


Can I hope for it? Would put an end to the "slapping Linux on a Windows box and complaining about how it doesn't work right" nonsense. (Probably in the bad way, and almost certainly with massive damage to the wider x86 hardware market, but still....)

One of the things Apple did kinda right was forcing you to buy Apple hardware to run OSX. It would be deeply ironic of Microsoft to cause the same end effect by locking Linux _out_ of all the Windows computers.



