Microsoft Halts Key Open-Source Project Developer Accounts

Microsoft Halts Key Open-Source Project Developer Accounts

Posted on By CWS

Microsoft has unexpectedly suspended the developer accounts of two prominent open-source security projects, VeraCrypt and WireGuard, preventing them from signing drivers and releasing updates to Windows users. The move was made without prior notification or explanation, leaving the developers in a difficult position.

Impact on Key Security Projects

On March 30, Mounir Idrassi, the lead developer of VeraCrypt, announced on SourceForge that Microsoft had unexpectedly terminated his account, which was essential for signing Windows drivers. This development was followed by Jason Donenfeld, creator of the WireGuard VPN protocol, facing a similar account lockout.

Adding to the concern, Windscribe, another VPN provider, reported experiencing the same issue, indicating a broader enforcement of Microsoft’s policies.

New Verification Requirements

Microsoft requires developers to verify their identity through trusted third-party vendors under its Partner Center program. This policy, which came into full effect on April 1, 2026, mandates re-verification using government-issued IDs. Accounts that fail verification face automatic suspension, with no option for immediate recourse.

Neither Idrassi nor Donenfeld received any indication that re-verification was necessary, leaving them unprepared for the account suspensions.

Consequences and Responses

The suspensions pose significant challenges. VeraCrypt, a trusted disk encryption tool, risks losing its capability to encrypt system drives without resolution by June 2026. Similarly, WireGuard is unable to distribute updates, potentially exposing users to vulnerabilities.

The issue has prompted a response from within Microsoft. Developer advocate Scott Hanselman contacted both developers, promising to expedite a solution. However, the developers are currently engaged in a 60-day appeals process.

This incident highlights the vulnerability of open-source projects dependent on single vendor systems. It underscores the risks associated with automated enforcement mechanisms lacking transparency and appeal options, which can have severe consequences for global privacy infrastructure.

Stay informed about the latest in cybersecurity by following us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access Cyber Security News
AI-Enhanced Lazarus Campaign Targets Crypto Developers AI-Enhanced Lazarus Campaign Targets Crypto Developers Cyber Security News
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes Cyber Security News
New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code Cyber Security News
5 Asian Cities Where Cybersecurity Maturity Meets Innovation 5 Asian Cities Where Cybersecurity Maturity Meets Innovation Cyber Security News
Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data Cyber Security News