Jason Donenfeld, the creator of the widely used open-source VPN software WireGuard, is facing a serious issue after being locked out of his Microsoft developer account. As a result, he is currently unable to digitally sign drivers or push important updates to Windows users, creating a significant disruption for a technology that underpins major VPN services such as Proton and Tailscale.
This situation is particularly alarming given WireGuard’s role as a core component of modern VPN infrastructure. Without the ability to deliver updates, even minor issues could escalate into larger risks if left unresolved, especially in the event of a critical vulnerability.
The incident is not isolated. Earlier, encryption software VeraCrypt encountered a similar problem when its developer account was suspended without prior notice. In that case, developer Mounir Idrassi warned that failure to update security certificates in time could lead to severe consequences, including systems becoming unbootable for some users.
According to Donenfeld, the issue arose when he attempted to log into Microsoft’s Hardware Program portal to submit a new update he had been working on for weeks. Instead, he was met with an “Access Restricted” message. Despite successfully completing identity verification using his passport through Microsoft’s third-party system, his account remains suspended. He also confirmed that no warning or notification was ever received, even after checking all email folders, including spam.
The root cause appears to be tied to Microsoft’s mandatory account verification program for the Windows Hardware Program, introduced in April 2024. Developers were required to submit updated identity documentation, and accounts that failed to complete the process were automatically suspended. Although the program has since been discontinued, its enforcement continues to affect developers who may not have been aware of the requirement.
While there are currently no known critical vulnerabilities requiring immediate patches, Donenfeld emphasized that the inability to deploy updates poses a serious risk. If an urgent issue were to arise, millions of users could be exposed without a timely fix. Adding to the concern, Microsoft’s executive support team reportedly informed him that the appeal process could take up to 60 days, an unusually long timeframe for security-related software.
There are, however, early signs of progress. Donenfeld has recently managed to establish contact with Microsoft representatives and is hopeful for a resolution in the near future. At the same time, other VPN developers such as Windscribe have also voiced frustration, claiming they have been stuck in similar situations for over a month without progress.
This incident highlights a growing concern around developer relations and platform dependency, raising questions about how critical security tools can be impacted by administrative or procedural issues within major tech ecosystems.
Origin: Techcrunch
