Microsoft Account Cutoff Disrupts VeraCrypt Windows Signing

Microsoft suspended the VeraCrypt developer’s Microsoft account, which in turn disabled Windows updates for users of the open‑source disk‑encryption tool. The action paused distribution of signed drivers and update mechanisms that VeraCrypt relied on for Windows, disrupting maintenance and security fixes. VeraCrypt is a widely used encryption project and its interruption raises concerns about centralized platform control over critical open‑source security tooling. The incident highlights dependency risks when open‑source projects rely on commercial vendor accounts for code signing and distribution, and underscores broader debates over gatekeeping, trust, and resilience in the software supply chain.

Microsoft abruptly terminated the developer account used by VeraCrypt to sign Windows drivers and bootloaders, blocking the project's ability to publish Windows updates, developer Mounir Idrassi told 404 Media. Idrassi said he received only an automated message claiming his organization (IDRIX) failed verification and that no appeal was available; he has had no substantive human explanation from Microsoft. The shutdown, reported to have occurred in mid-January, affects the majority-Windows user base and highlights supply-chain fragility for open-source security tools that rely on platform vendor services. Hacker News posts suggest other projects such as WireGuard experienced similar sudden suspensions. Microsoft did not respond to requests for comment.

VeraCrypt lead developer Mounir Idrassi says Microsoft terminated the Microsoft account he used to sign Windows drivers and the project bootloader, with no prior notice, explanation, or appeals process. That account loss prevents VeraCrypt from publishing signed Windows updates, jeopardizing secure boot support and threatening the majority-Windows user base; Linux and macOS builds remain unaffected. Idrassi has tried contacting Microsoft but reports only automated responses and no human help, and he’s asking the community for proposals and assistance. Users and contributors on the project forum raised practical concerns about expiring code-signing certificates, secure boot, portable use, and unsigned builds, while offering suggestions to escalate via support channels and social media.

Veracrypt developers posted an update on SourceForge and Hacker News users report problems with Windows releases after Microsoft reportedly disabled the developer certificate, blocking signed installer builds. Commenters compare the situation to past incidents with LibreOffice and raise concerns about platforms using project code for AI training without permission. Community members urge media coverage to reach platform or vendor staff, noting difficulty contacting tech companies directly. This matters because unsigned or unverifiable releases can undermine user trust, distribution, and security for widely used encryption software, while platform policies and certificate controls can significantly impact open-source project maintenance and update delivery.

VeraCrypt lead developer Mounir Idrassi says Microsoft has terminated the Microsoft account he used for years to sign Windows drivers and the bootloader, with no prior notice, explanation, or appeal option. That account loss prevents him from publishing signed Windows updates for VeraCrypt, though Linux and macOS updates remain possible; because most users are on Windows, the project faces a major distribution and secure-boot signing problem. Idrassi has tried contacting Microsoft but received only automated responses and asks for community help and proposals. Users raised questions about expiring code-signing certificates, secure boot, unsigned builds, and interim workarounds. Community members suggested Microsoft support channels and public social posts to escalate the issue.