WireGuard, the leading software and VPN project behind popular security software including Mullvad and others, has been locked out of a key part of its Microsoft developer account and unable to send software updates to Windows users.
Jason Donenfeld, the creator of open source WireGuard VPN software, told TechCrunch that he has been locked out of his Microsoft developer account and, as a result, is unable to sign drivers or push updates to WireGuard for Windows users, which are critical to the operation of his software. Donenfeld said in a post on X Wednesday that the account cancellation stopped a WireGuard update from being sent.
Is the second such incident of a high-profile and widely used open source project that was locked out of its customers due to an apparently abrupt account termination by Microsoft, with popular encryption software VeraCrypt facing a similar circumstance. Both developers said Microsoft blocked them from accessing their accounts without first notifying them.
In the case of VeraCrypt, which is used by hundreds of thousands of users to encrypt files and operating systems, its developer Mounir Idrassi told TechCrunch that locking his account means he can’t update the software in time for the crucial certification authority expiration, which he says may prevent some users from getting started.
Donenfeld, the developer of WireGuard, told TechCrunch in an email: “If there was a critical vulnerability to fix right now, there isn’t! I mean, hypothetically, then users would be totally exposed.”
WireGuard is an open source VPN software used around the world to connect devices over the Internet. WireGuard’s code is very popular for its simplicity and security, as it serves as the basis for many VPN implementations and commercial services that rely on its code, such as Proton and Tailscale.
Donenfeld told TechCrunch in an email that he spent the last few weeks modernizing WireGuard’s Windows code and was ready to send an update copy to Microsoft for verification before it can be shipped to users, but ran into a “restricted access” error when logging into the developer portion of his Microsoft account.
Despite going through the process to verify his driver’s license or passport with Microsoft (the third party Microsoft uses for verification said it was “verified”), Donenfeld said his access was still suspended.
Donenfeld told TechCrunch that he I found a page on the Microsoft website saying that the company had been conducting a “mandatory account verification for all Windows Hardware Program partners who have not completed account verification since April 2024,” but that the verification program had since been closed.
Microsoft’s Windows Hardware Program allows developers like VeraCrypt’s Donenfeld and Idrassi to “implement hardware and device drivers for Windows PCs and other devices.” The ability to develop and publish drivers for Windows users is restricted to known and vetted developers, as drivers can grant broad access to an operating system and its data and are known to be abused by hackers for that reason.
That account verification process meant that developers had to upload their government-issued ID before they were allowed to publish potentially highly sensitive code to the broader base of Windows users.
“Microsoft never sent me any notification about this. I’ve searched every inbox, every spam folder, every email log, and zero, nothing, nothing at all,” Donenfeld said.
The Windows Hardware Program verification program has “now concluded” and developers who have not uploaded their documents have had their accounts “suspended,” the page reads, meaning these accounts can no longer submit updates.
Donenfeld said he was referred to Microsoft’s executive support team, which handles customer service and account requests for high-profile people, who confirmed his appeal had been received but had to wait up to 60 days for review.
On Wednesday night, there was a glimmer of hope in Donenfeld’s case. He told TechCrunch that he eventually contacted Microsoft and hoped the issue would be resolved soon.
Microsoft did not immediately comment when contacted by TechCrunch.
Donenfeld and Idrassi are not alone: the account blocking problems affect others too.
Windscribe, a maker of VPNs and other consumer privacy tools, said in a post on X which had also been blocked from his Partner Center account. The company said it had a verified account for more than eight years in order to hire its drivers.
“We have been trying to resolve this for over a month and are getting nowhere. Support is non-existent,” Windscribe said in its post. “Does anyone know a human being with a brain who still works at Microsoft and can help?”
