Microsoft has suspended developer accounts required to sign Windows drivers for the widely used open-source tools VeraCrypt and WireGuard, effectively blocking updates for millions of users.
The action, which occurred without prior warning, has left both projects unable to distribute trusted Windows releases and raised concerns about potential security risks.
VeraCrypt maintainer Mounir Idrassi disclosed that his Microsoft Partner Center account, used for years to sign Windows drivers and the bootloader, had been abruptly terminated in mid-January. According to Idrassi, the only feedback he received was an automated message stating that his organization had failed verification checks, with no option to appeal. Despite repeated attempts to contact Microsoft through official channels, he reports receiving only automated responses, with no access to human support.
Commenting on this development, WireGuard creator Jason A. Donenfeld reported encountering the same issue while attempting to push a major update. Donenfeld said his account had been suspended without notification and that he is currently undergoing a 60-day appeal process. He highlighted the potential severity of the situation, noting that if a critical remote code execution (RCE) vulnerability were discovered, he would be unable to deploy a timely fix to Windows users due to the signing restriction.
VeraCrypt and WireGuard are both critical components in the privacy and security ecosystem. VeraCrypt, developed by IDRIX, is a widely trusted disk encryption tool used by individuals, enterprises, and activists to protect sensitive data. WireGuard, on the other hand, is a modern VPN protocol known for its performance, simplicity, and strong cryptographic design, and is integrated into numerous commercial VPN services and operating systems.
Microsoft’s driver-signing infrastructure requires developers to use verified Partner Center accounts to cryptographically sign kernel-level drivers. Without valid signatures, Windows systems, particularly those with Secure Boot enabled, may refuse to load drivers or trigger boot failures. For VeraCrypt users, this could affect encrypted system partitions, while WireGuard users may face disruptions in secure network connectivity.
Existing driver signatures tied to the revoked accounts are expected to expire as early as late June 2026. Once expired, systems that rely on those drivers may experience failures or require manual workarounds, potentially exposing users to security risks or operational disruptions.
Both developers state that Microsoft did not communicate any changes to Partner Center policies or enforcement practices prior to the suspensions. This lack of transparency has left the projects in limbo, with no clear remediation path or explanation for the enforcement action. As of now, Microsoft has not issued a public statement addressing the situation or clarifying whether the suspensions resulted from policy changes, automated enforcement errors, or other factors.
Until current signatures expire, existing installations should continue to function normally. However, the inability to deliver updates means that any newly discovered vulnerabilities may remain unpatched for the affected software on Windows systems.
Have no illusions about either of these issues. The recent news about a certain US agency having backdoor access to Microsoft Bitlocker, while trying to lessen the use of Veracrypt(?) No, sorry. I’m not buying it. Microsoft is a huge player in mass surveillance, and this and other issues help prove that. Linux is likely going to jump in popularity if this nonsense continues. The icing on the cake will be when a major cyber attack occurs by a foreign actor to once again show how, by trying to watch everyone, they let the real bad actors win. Very typical for government to behave this way. Very brazen while being hugely naive.
I use both of those software. I’m glad I jumped over to Linux, but there seems to also be a concentrated push to reduce privacy and security on these open source operating systems as well.
Never a bad time to find another excuse to jump over to Linux 🙂
So what does this mean for VPN users? If their VPN is set to automatic protocol, will it change from WireGuard to UDP or TCP? This also sounds more like a planned tactic… to reduce Privacy and allow reliance on monitoring and Bitlocker (with Keys already submitted from Microsoft to Govt, etc.). Everyone should have a Local Account on their PC’s, and then enable Bitlocker (or possibly VeraCrypt?) within the Local Account so Microsoft won’t have any Bitlocker keys to submit to any other entity. This whole ordeal is total B.S.