Loading...
Loading...
Microsoft has abruptly suspended the Microsoft developer organization account used by VeraCrypt (IDRIX) to sign and ship Windows drivers and bootloader updates, effectively freezing new Windows releases for the widely used open-source disk-encryption tool. VeraCrypt’s lead developer says the notice cited a failed verification with no detailed explanation, warning, or meaningful appeal process, and that support responses appeared automated. The incident could leave Windows users exposed to unresolved bugs, including potential boot-related issues, while Linux and macOS builds remain unaffected. Reports that WireGuard’s maintainer faced a similar suspension highlight a broader risk: opaque platform verification and code-signing dependencies creating single points of failure for security software supply chains.
WireGuard VPN developer can’t ship software updates after Microsoft locks account
VeraCrypt lead developer Mounir Idrassi warned Windows users may face boot failures after Microsoft disabled his account, blocking access to his Microsoft Store and Windows signing keys. Idrassi says the revoked signing certificate prevents him from building signed VeraCrypt installers and drivers for Windows, potentially causing users to be unable to boot into encrypted systems or install updates. The situation escalated after Microsoft reportedly told him the account was locked for violations; Idrassi disputes the claim and says he has not been given details. The incident highlights risks in centralized platform control over developer identities and code signing for security-critical open-source projects, raising concerns for users and maintainers relying on vendor-managed signing infrastructure.
Microsoft abruptly terminated the developer organization account used by VeraCrypt in mid-January, blocking the project's ability to sign and publish Windows drivers and bootloader updates, VeraCrypt lead developer Mounir Idrassi told 404 Media. Idrassi said he received a terse Microsoft message claiming his organization (IDRIX) failed verification with no explanation or appeal, and that automated/AI-like support replies offered no clarity. The suspension affects Windows releases—VeraCrypt’s largest user base—though Linux and macOS updates remain possible. Hacker News posts indicate WireGuard’s maintainer faced a similar sudden suspension, raising broader supply-chain and platform-dependency concerns for open-source security tools that rely on big tech vendor accounts for code signing and distribution. Microsoft did not respond before publication.
Microsoft terminated the account used by VeraCrypt developer Mounir Idrassi to sign Windows drivers and the bootloader, preventing Windows updates for the popular open-source disk‑encryption tool. Idrassi says he received no prior warning and only a terse message that his organization (IDRIX) failed verification with no appeal; Microsoft gave no public explanation. The disruption affects most VeraCrypt users (Windows being dominant) and underscores fragility in open‑source supply chains that rely on big‑tech accounts for code signing and distribution. Other projects such as WireGuard report similar sudden suspensions, raising broader concerns about opaque verification processes, automated support responses, and single‑point failures in platform-dependent release workflows.
Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account