Microsoft has unexpectedly suspended the developer accounts of two prominent open-source security projects, VeraCrypt and WireGuard, preventing them from signing drivers and releasing updates to Windows users. The move was made without prior notification or explanation, leaving the developers in a difficult position.
Impact on Key Security Projects
On March 30, Mounir Idrassi, the lead developer of VeraCrypt, announced on SourceForge that Microsoft had unexpectedly terminated his account, which was essential for signing Windows drivers. Jason Donenfeld, creator of the WireGuard VPN protocol, subsequently faced a similar account lockout.
Adding to the concern, Windscribe, another VPN provider, reported experiencing the same issue, indicating a broader enforcement of Microsoft’s policies.
New Verification Requirements
Microsoft requires developers to verify their identity through trusted third-party vendors under its Partner Center program. This policy, which came into full effect on April 1, 2026, mandates re-verification using government-issued IDs. Accounts that fail verification face automatic suspension, with no option for immediate recourse.
Neither Idrassi nor Donenfeld received any indication that re-verification was necessary, leaving them unprepared for the account suspensions.
Consequences and Responses
The suspensions pose significant challenges. VeraCrypt, a trusted disk encryption tool, risks losing its capability to encrypt system drives if the issue is not resolved by June 2026. Similarly, WireGuard is unable to distribute updates, potentially exposing users to vulnerabilities.
The issue has prompted a response from within Microsoft. Developer advocate Scott Hanselman contacted both developers, promising to expedite a solution. However, the developers are currently engaged in a 60-day appeals process.
This incident highlights the vulnerability of open-source projects dependent on single-vendor systems. It underscores the risks associated with automated enforcement mechanisms lacking transparency and appeal options, which can have severe consequences for global privacy infrastructure.
