Can virtualapp/didlogical be abused for privilege escalation?
*Disclaimer: I’m not saying Microsoft is up to some illuminati-level b/s or anything, but this account seems weird to me. If this topic has been discussed before, I sincerely apologize.*
* Windows creates a user on your system if you use Windows Live software.
* The account can be viewed by clicking ‘Start,’ and typing ‘credential manager.’
* From here, click the ‘Windows Credentials’ tab and expand the menu next to ‘virtualapp/didlogical.’
* This account is created without your consent/knowledge, and it remakes itself for persistence even if you delete the entry.
* As far as I can tell, the only way to truly remove the account is by uninstalling software that uses Windows Live and removing it from the virtualapp/didlogical entry.
I can’t seem to find anything related to this topic other than Microsoft confirming they’ve created it, and it’s used for Windows Live software. I’ve also read that the account affords Microsoft technicians remote access to enter your system, should you need any assistance. However, this is technically a backdoor. If anyone has any further information, please link it to me. Also, here are some questions I’ve been tossing around in my head related to this:
1. What is the true purpose of the account?
2. Where are these credentials used? Is there an application you can use to remote into systems with these creds?
3. Are there any known CVEs or POCs related to the virtualapp/didlogical account/service?
4. How can we find the original password given to this account?
5. I’ve heard rumors that this account is created upon installation, even if the computer has no internet access. Is this true?
6. What privileges does this account have? I’ve read everything from basic privs. to admin-level privs.
Here’s a link to what the account looks like. Yours will have random creds: [https://imgur.com/a/lGEaeE8](https://imgur.com/a/lGEaeE8)