Microsoft has suspended developer accounts required to sign Windows drivers for the widely used open-source tools VeraCrypt and WireGuard, effectively blocking updates for millions of users.
The action, which occurred without prior warning, has left both projects unable to distribute trusted Windows releases and raised concerns about potential security risks.
VeraCrypt maintainer Mounir Idrassi disclosed that his Microsoft Partner Center account, used for years to sign Windows drivers and the bootloader, had been abruptly terminated in mid-January. According to Idrassi, the only feedback he received was an automated message stating that his organization had failed verification checks, with no option to appeal. Despite repeated attempts to contact Microsoft through official channels, he reports receiving only automated responses, with no access to human support.
Commenting on this development, WireGuard creator Jason A. Donenfeld reported encountering the same issue while attempting to push a major update. Donenfeld said his account had been suspended without notification and that he is currently undergoing a 60-day appeal process. He highlighted the potential severity of the situation, noting that if a critical remote code execution (RCE) vulnerability were discovered, he would be unable to deploy a timely fix to Windows users due to the signing restriction.
VeraCrypt and WireGuard are both critical components in the privacy and security ecosystem. VeraCrypt, developed by IDRIX, is a widely trusted disk encryption tool used by individuals, enterprises, and activists to protect sensitive data. WireGuard, on the other hand, is a modern VPN protocol known for its performance, simplicity, and strong cryptographic design, and is integrated into numerous commercial VPN services and operating systems.
Microsoft’s driver-signing infrastructure requires developers to use verified Partner Center accounts to cryptographically sign kernel-level drivers. Without valid signatures, Windows systems, particularly those with Secure Boot enabled, may refuse to load drivers or trigger boot failures. For VeraCrypt users, this could affect encrypted system partitions, while WireGuard users may face disruptions in secure network connectivity.
Existing driver signatures tied to the revoked accounts are expected to expire as early as late June 2026. Once expired, systems that rely on those drivers may experience failures or require manual workarounds, potentially exposing users to security risks or operational disruptions.
Both developers state that Microsoft did not communicate any changes to Partner Center policies or enforcement practices prior to the suspensions. This lack of transparency has left the projects in limbo, with no clear remediation path or explanation for the enforcement action. As of now, Microsoft has not issued a public statement addressing the situation or clarifying whether the suspensions resulted from policy changes, automated enforcement errors, or other factors.
Until current signatures expire, existing installations should continue to function normally. However, the inability to deliver updates means that any newly discovered vulnerabilities may remain unpatched for the affected software on Windows systems.
Leave a Reply