Microsoft has abruptly suspended the developer accounts for open-source security projects VeraCrypt and WireGuard, preventing them from signing drivers or issuing updates to Windows users. The developers report that these blocks occurred without any prior warning or explanation, disrupting critical security maintenance for millions of people.
The lead developer of VeraCrypt, Mounir Idrassi, first went public with the situation on March 30 by posting to the project’s SourceForge page. He explained that the account he has used for years to sign the software's bootloader and Windows drivers had been terminated unexpectedly. This action by Microsoft effectively halts the project’s ability to release official, trusted updates for the encryption tool on the Windows platform.
In a conversation with 404 Media, Idrassi emphasized that the move came as a total surprise. He noted that he never received any emails or warnings from Microsoft regarding a change in status or a violation of terms. This lack of communication has left the project in a state of limbo as they attempt to understand why their long-standing access was revoked.
Shortly after Idrassi’s disclosure, WireGuard creator Jason Donenfeld revealed that his project had been hit with an identical lockout. Donenfeld noted that he too received no notification from Microsoft. He later discovered that the suspension appeared to be related to a new identity verification requirement that Microsoft had failed to communicate to account holders before taking action.
The issue does not seem to be isolated to these two projects alone. The VPN provider Windscribe also reported that its account had been suspended under similar circumstances. These concurrent reports suggest that Microsoft has initiated a broad enforcement sweep or a shift in its developer verification protocols that is catching reputable security tools in its wake.
This sudden administrative hurdle poses a significant challenge for open-source developers who rely on Microsoft’s Hardware Program to ensure their software is recognized as safe by the operating system. Without a swift resolution or clearer guidance from Microsoft, these security-focused applications remain unable to provide necessary patches and driver updates to their global user bases.
Source:
