Microsoft has suspended developer accounts used to maintain several high-profile open-source projects without proper notification and no way to immediately restore them, effectively blocking them from publishing new software builds and security patches for Windows users.
The list of affected projects includes, but is not limited to, virtual private network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, MemTest86 random access memory (RAM) testing and diagnostics tool, and Windscribe VPN software.
“Microsoft has shut down the account I’ve been using for years to sign Windows drivers and bootloaders. [..] Microsoft did not send me any email or prior warning. I have received no explanation for the termination and their message states that no appeal is possible,” VeraCrypt developer Munir Idrasi said last week.
“I have tried contacting Microsoft through various channels but have only received automated replies and bots. I was unable to reach a human being. [..] I can’t publish Windows updates. Linux and macOS updates can still be made but Windows is the platform used by most users and hence the inability to deliver a Windows release is a major blow to the project.”
The same experience was shared by developers of other widely used projects, including WireGuard maintainer Jason A. Donnenfeld and the dev teams for Windscribe and MemTest86, all of whom said they have been trying to contact a human at Microsoft Support for weeks without success.
“No warnings, no notifications. One day I sign in to publish an update and yes, the account is suspended. Currently going through the 60 day appeal process, but who knows,” Donnenfeld said. “It’s kind of crazy: What if WireGuard had some critical RCEs that were being exploited in the wild, and I needed to update users immediately?”
However, after TechCrunch reported on the issue on Wednesday, Microsoft vice president Scott Hanselman said developer accounts were automatically suspended because they “failed the mandatory account verification for all participants in the Windows Hardware Program who have not completed account verification by April 2024,” about which the company had been emailing “everyone” through October 2025.
As noted in a Hardware Dev Center article published on October 1, the account verification process began on October 16 and will trigger automatic suspension from the Windows Hardware program if participants fail to complete it within 30 days.
“Account verification for the Windows Hardware Program is now complete,” Microsoft said in a March 30 update. “Accounts that did not successfully complete account verification and received a declined verification status have been suspended from the Windows Hardware program, and submissions from these accounts are no longer allowed.”
While BleepingComputer has yet to receive a response after contacting a Microsoft spokesperson for more information, Hanselman said the issue will be addressed “a little bit,” but he did not share why project maintainers were not informed about the suspension.
This was confirmed by Idrasi, Windscribe, and Pavan Davuluri (Microsoft EVP for Windows and Devices), with Idrasi saying that Hanselman reached out to help restore the suspended Partner Center account and adding that “social media postings and interviews with reporters helped initiate a response from Microsoft.”
Davuluri also said, “We worked hard to make sure partners understood it was coming from emails, banners, reminders.” “And we know that sometimes things are still missed. We’re taking this as an opportunity to review how we communicate changes like this and make sure we’re doing it better.”
Automated pentesting proves the path exists. BAS proves whether your controls prevent it or not. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides physicians with three clinical questions for any device evaluation.
<a href