Microsoft has terminated the developer account used by the open-source encryption tool VeraCrypt to sign Windows drivers, effectively preventing the project from releasing necessary security updates for Windows users.

Key Points

• Developer Mounir Idrassi reported that Microsoft revoked his signing account in mid-January without prior warning or a clear explanation.
• The loss of signing privileges prevents the distribution of Windows-compatible updates for the encryption software, though Linux and macOS versions remain unaffected.
• Microsoft’s automated notification stated that the developer's company, IDRIX, no longer meets verification requirements, but provided no specific details.
• Idrassi has been unable to resolve the issue through Microsoft support, citing a lack of human communication and reliance on automated responses.

Why it Matters

This incident highlights the significant control major platform holders exert over open-source software distribution through mandatory driver signing requirements. The inability to update VeraCrypt leaves a large user base vulnerable to potential security flaws and raises concerns about the transparency of Microsoft's verification processes.