Microsoft Halts Key Open-Source Project Developer Accounts

Microsoft Halts Key Open-Source Project Developer Accounts

Posted on By CWS

Microsoft has unexpectedly suspended the developer accounts of two prominent open-source security projects, VeraCrypt and WireGuard, preventing them from signing drivers and releasing updates to Windows users. The move was made without prior notification or explanation, leaving the developers in a difficult position.

Impact on Key Security Projects

On March 30, Mounir Idrassi, the lead developer of VeraCrypt, announced on SourceForge that Microsoft had unexpectedly terminated his account, which was essential for signing Windows drivers. This development was followed by Jason Donenfeld, creator of the WireGuard VPN protocol, facing a similar account lockout.

Adding to the concern, Windscribe, another VPN provider, reported experiencing the same issue, indicating a broader enforcement of Microsoft’s policies.

New Verification Requirements

Microsoft requires developers to verify their identity through trusted third-party vendors under its Partner Center program. This policy, which came into full effect on April 1, 2026, mandates re-verification using government-issued IDs. Accounts that fail verification face automatic suspension, with no option for immediate recourse.

Neither Idrassi nor Donenfeld received any indication that re-verification was necessary, leaving them unprepared for the account suspensions.

Consequences and Responses

The suspensions pose significant challenges. VeraCrypt, a trusted disk encryption tool, risks losing its capability to encrypt system drives without resolution by June 2026. Similarly, WireGuard is unable to distribute updates, potentially exposing users to vulnerabilities.

The issue has prompted a response from within Microsoft. Developer advocate Scott Hanselman contacted both developers, promising to expedite a solution. However, the developers are currently engaged in a 60-day appeals process.

This incident highlights the vulnerability of open-source projects dependent on single vendor systems. It underscores the risks associated with automated enforcement mechanisms lacking transparency and appeal options, which can have severe consequences for global privacy infrastructure.

Stay informed about the latest in cybersecurity by following us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Critical Hikvision Vulnerability Threatens Wireless Access Points Critical Hikvision Vulnerability Threatens Wireless Access Points Cyber Security News
Python-powered Toolkit for Information Gathering and reconnaissance Python-powered Toolkit for Information Gathering and reconnaissance Cyber Security News
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation Cyber Security News
Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access Cyber Security News
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk Cyber Security News
Network Security Checklist – 2026 Network Security Checklist – 2026 Cyber Security News