Microsoft Halts Key Open-Source Project Developer Accounts

Microsoft Halts Key Open-Source Project Developer Accounts

Posted on By CWS

Microsoft has unexpectedly suspended the developer accounts of two prominent open-source security projects, VeraCrypt and WireGuard, preventing them from signing drivers and releasing updates to Windows users. The move was made without prior notification or explanation, leaving the developers in a difficult position.

Impact on Key Security Projects

On March 30, Mounir Idrassi, the lead developer of VeraCrypt, announced on SourceForge that Microsoft had unexpectedly terminated his account, which was essential for signing Windows drivers. This development was followed by Jason Donenfeld, creator of the WireGuard VPN protocol, facing a similar account lockout.

Adding to the concern, Windscribe, another VPN provider, reported experiencing the same issue, indicating a broader enforcement of Microsoft’s policies.

New Verification Requirements

Microsoft requires developers to verify their identity through trusted third-party vendors under its Partner Center program. This policy, which came into full effect on April 1, 2026, mandates re-verification using government-issued IDs. Accounts that fail verification face automatic suspension, with no option for immediate recourse.

Neither Idrassi nor Donenfeld received any indication that re-verification was necessary, leaving them unprepared for the account suspensions.

Consequences and Responses

The suspensions pose significant challenges. VeraCrypt, a trusted disk encryption tool, risks losing its capability to encrypt system drives without resolution by June 2026. Similarly, WireGuard is unable to distribute updates, potentially exposing users to vulnerabilities.

The issue has prompted a response from within Microsoft. Developer advocate Scott Hanselman contacted both developers, promising to expedite a solution. However, the developers are currently engaged in a 60-day appeals process.

This incident highlights the vulnerability of open-source projects dependent on single vendor systems. It underscores the risks associated with automated enforcement mechanisms lacking transparency and appeal options, which can have severe consequences for global privacy infrastructure.

Stay informed about the latest in cybersecurity by following us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Malicious VS Code Extensions Attacking Windows Solidity Developers to Steal Login Credentials Malicious VS Code Extensions Attacking Windows Solidity Developers to Steal Login Credentials Cyber Security News
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Arbitrary Files to Disk Cyber Security News
Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0 Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0 Cyber Security News
New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands New ShadowCaptcha Attack Exploiting Hundreds of WordPress Sites to Tricks Victims into Executing Malicious Commands Cyber Security News
Cisco Nexus Dashboard Fabric Controller Vulnerability Allows Attackers Device Impersonate as Managed Devices Cisco Nexus Dashboard Fabric Controller Vulnerability Allows Attackers Device Impersonate as Managed Devices Cyber Security News
Speaker Proposal Deadline Approaches for OpenSSL Conference 2025 in Prague Speaker Proposal Deadline Approaches for OpenSSL Conference 2025 in Prague Cyber Security News