Two maintainers of unrelated but critically important software packages are unable to release Windows updates because Microsoft terminated/suspended their accounts.
The creators of VeraCrypt and WireGuard are publicly asking for help to resolve issues with Microsoft. They’re unable to release Windows updates as their accounts were terminated or suspended.
“Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader,” Mounir Idrassi posted on Sourceforge, explaining their absence over the past few months.
“Microsoft did not send me any emails or prior warnings. I have received no explanation for the termination, and their message indicates that no appeal is possible.”
The maintainer provided a screenshot showing Microsoft’s warning that the organization “does not currently meet the requirements to pass verification.”
The notification provides no appeal options, and the application is closed.
The maintainer of popular open-source projects complains that he had no luck contacting Microsoft through various channels, receiving only automated replies from bots and no actual human customer support.
“This termination impacts my work beyond VeraCrypt and has consequences for my daily job. Currently, I’m out of options,” Idrassi said in a post.
“I’m open to proposals and help.”
The conversation on this topic is live. Join in the discussion.
VeraCrypt is a free and open-source disk encryption utility for creating a virtual encrypted disk or partitions. The maintainer can’t publish Windows updates to where most users are. The project can still be updated on Linux and macOS.
The cry for help is quickly gaining traction on Hacker News, Silicon Valley's premier tech forum.
It appears that this incident is not isolated – another maintainer of critical software, WireGuard, shared the same issues. WireGuard is an open-source VPN protocol that serves as the backbone of many popular VPN services.
“No warning at all, no notification. One day, I sign in to publish an update, and yikes, account suspended,” Jason A. Donenfeld, president and security researcher at Edge Security, posted on the forum using his alias “zx2c4.”
“If anybody within Microsoft is able to do something, please contact me.”
This can leave millions of users vulnerable. The maintainer warns that if a critical vulnerability were discovered and actively exploited in the wild, requiring an urgent update, Microsoft has its hands entirely tied. For now, this scenario is hypothetical.
Last year, LibreOffice developer faced the same issues, having their account suspended without a warning and appeals rejected.
The incidents sparked concerns about the control Microsoft and other tech giants have over the software-signing ecosystem.
“This is worrying on many levels. Microsoft forces you to create an account to use Windows, and then they reserve the right to block you from your own account, thereby potentially making you lose access to all your own data,” one of Hacker News users posted.
Microsoft responded to the issues on X – read the follow up to the story here.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked