Microsoft Account Lockout Halts WireGuard VPN Updates
▼ Summary
– WireGuard’s developer is locked out of his Microsoft account, preventing him from signing or shipping critical software updates for Windows users.
– This mirrors a similar incident where the developer of the encryption software VeraCrypt was also locked out without prior notification.
– The lockouts stem from a concluded Microsoft verification program that suspended accounts of developers who hadn’t uploaded government ID.
– These suspensions risk leaving users exposed, as developers cannot issue updates, even for critical security vulnerabilities.
– Multiple other developers, like Windscribe, report similar account lockouts and an inability to get support from Microsoft.
A critical security project has been unexpectedly halted from distributing updates to millions of Windows users. The developer behind the widely used open source WireGuard VPN software, Jason Donenfeld, has been locked out of his Microsoft developer account, preventing him from signing and shipping new drivers. This effectively freezes all updates for the Windows version of WireGuard, a foundational component for numerous commercial VPN services like Mullvad, Proton, and Tailscale.
Donenfeld discovered the problem when attempting to log in to submit a modernized code update, only to encounter an “access restricted” error. He confirmed that Microsoft had not sent any prior notification about the account suspension, despite his thorough checks of all email folders. The lockout stems from a recently concluded mandatory account verification program for the Windows Hardware Developer Program, which required participants to submit government identification. Donenfeld completed this verification through a third-party service, which confirmed his status, yet his account access remained suspended.
This incident marks the second time a major open-source security tool has been abruptly cut off by Microsoft. The developer of the encryption software VeraCrypt, Mounid Idrassi, faced an identical lockout. This prevents him from issuing a crucial update before a certificate authority expires, a situation that could leave hundreds of thousands of users unable to boot their systems. Both developers emphasize that Microsoft provided no warning, creating a dangerous scenario where critical security vulnerabilities could not be patched.
The Windows Hardware Program is a gated system that restricts driver development to vetted partners, a necessary control given the deep system access drivers possess. However, the verification process’s opaque execution and lack of communication have created significant operational risks. Donenfeld expressed grave concern, noting that if a critical vulnerability were discovered today, Windows users would be completely exposed with no immediate path to a fix.
After weeks of futile effort, Donenfeld was finally referred to Microsoft’s executive support team. His appeal is now under review, but the process could take up to 60 days. A brief communication late Wednesday offered a glimmer of hope that a resolution might be near. The problem extends beyond these two high-profile cases. The VPN provider Windscribe reported being locked out of its Partner Center account for over a month despite eight years of verified status, lamenting a complete lack of functional support.
These account suspensions highlight a systemic failure in Microsoft’s partner management, where essential security maintenance for globally relied-upon software is held hostage by an uncommunicative administrative process. The inability to ship updates not only stalls development but actively jeopardizes the security posture of countless systems dependent on these trusted tools.
(Source: TechCrunch)
