Redmond, Washington, April 9, 2026, 06:12 (PDT)
Microsoft said on Thursday it was working to restore access for the developers behind WireGuard and VeraCrypt after a verification sweep in its Windows Hardware Program blocked them from sending Windows updates. Scott Hanselman, a Microsoft vice president, wrote that the issue “should be fixed in a bit,” and VeraCrypt maintainer Mounir Idrassi said he had since been connected with the right people at the company. 1
The disruption matters because developers need Microsoft’s code-signing pipeline — the cryptographic approval Windows uses before it will load sensitive drivers and boot software — to ship low-level updates. Microsoft’s own Partner Center documentation says failed verification can block driver code signing and hardware submissions, turning an account problem into a patch-delivery problem. 2
Microsoft had told Windows Hardware Program partners last October that any account not re-verified since April 2024 would need fresh checks and could be suspended after 30 days if verification was not completed. Pavan Davuluri, Microsoft’s executive vice president for Windows and Devices, said the company used “emails, banners, reminders” and would review how it communicates changes after developers said they had received no warning. 3
Jason Donenfeld, the creator of WireGuard, a virtual private network, or VPN, protocol that routes internet traffic through encrypted links, said the suspension stopped a Windows release from shipping. On Hacker News he wrote there was “no warning at all, no notification,” and that if a serious bug surfaced Microsoft would have his “hands entirely tied”; WireGuard also underpins services such as Proton and Tailscale. 4
Idrassi said in a March 30 forum post that Microsoft had terminated the account he used for years to sign Windows drivers and VeraCrypt’s bootloader, the code that starts before Windows loads. He later warned that users who rely on full-system encryption could face boot problems after July 2026 because Microsoft is revoking the certificate authority, or digital trust chain, used to sign the existing bootloader. 5
The problem was not confined to those two projects. BleepingComputer reported similar suspensions affecting Windscribe and MemTest86, while Windscribe said it had used a verified Microsoft account for more than eight years to sign drivers and had spent “over a month” trying to get the freeze lifted. 6
Pete Batard, the developer of Rufus, said on VeraCrypt’s forum that he ran into “the exact same issue” during Secure Boot signing and later cleared it through Partner Center support. Batard said the “no appeals” wording looked like boilerplate and that, in his case, Microsoft’s automated WHOIS check — the public registration record for a domain name — appeared to have failed. 5
But the immediate risk has not gone away. Donenfeld said he had been told an appeal could take 60 days, while Idrassi said failure to restore signing access before the certificate switch would be a “death sentence” for VeraCrypt’s system-encryption feature on Windows; even if the accounts are restored quickly, the episode lays bare how one administrative gate can slow updates for software many users depend on to protect traffic and files. 4
