
Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates

Why This Matters

The abrupt termination of VeraCrypt's signing account by Microsoft underscores vulnerabilities in the open-source software supply chain, especially when a project relies on a major tech company for critical functions like driver signing. This incident highlights the risks open-source projects face in maintaining software updates and security, which can directly impact user privacy and security. It also raises awareness of the importance of diversifying platform dependencies to ensure continuity of essential security tools.

Key Takeaways

Microsoft has terminated an account associated with VeraCrypt, a popular and long-running piece of encryption software, throwing future Windows updates of the tool into doubt, VeraCrypt’s developer told 404 Media.

The move highlights the sometimes delicate supply chain involved in the publication of open source software, especially software that relies on big tech companies even tangentially.

“I didn't receive any emails from Microsoft nor any prior warnings,” Mounir Idrassi, VeraCrypt’s developer, told 404 Media in an email.


VeraCrypt is an open-source tool for encrypting data at rest. Users can create encrypted partitions on their drives, or make individual encrypted volumes to store their files in. Like its predecessor TrueCrypt, which VeraCrypt is based on, it also lets users create a second, innocuous-looking volume if they are compelled to hand over their credentials.

Last week, Idrassi took to the SourceForge forums to explain why he had been absent for a few months. The most serious challenge, he wrote, “is that Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader.”

“Regarding VeraCrypt, I cannot publish Windows updates. Linux and macOS updates can still be done but Windows is the platform used by the majority of users and so the inability to deliver Windows releases is a major blow to the project,” he continued. “Currently I'm out of options.”

Idrassi told 404 Media the termination happened in mid-January. “I was surprised to discover that I could no longer use my account,” he said.

On the forum and in the email to 404 Media, Idrassi shared what he said was the only message he received connected to the account shutdown. “Based on the information you have provided to date, we have determined that your organization does not currently meet the requirements to pass verification. There are no appeals available, we have closed your application,” it reads.

Idrassi told 404 Media the message concerns his company, IDRIX. “As you can read in their message, they say that the organization (IDRIX) doesn't meet their requirements, but I don't see which requirement IDRIX suddenly stopped meeting,” he said.
