Microsoft Account Lockout Threatens VeraCrypt Users with Potential Boot Issues
Mounir Idrassi, the developer behind the widely-used encryption software VeraCrypt, has reported that Microsoft has terminated his developer account without prior notice or explanation. This account was essential for signing Windows drivers and the bootloader, ensuring the software’s integrity and compatibility with Windows systems. The abrupt termination poses a significant risk to users who rely on VeraCrypt for encrypting their entire operating systems, as they may soon encounter boot-up issues.
VeraCrypt is an open-source encryption tool that allows users to secure their files or entire operating systems with robust encryption, safeguarding data from unauthorized access. The software has garnered a substantial user base, with the latest Windows version, released in May 2025, nearing one million downloads.
Idrassi expressed his concerns in an online post dated March 30, stating that Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader, and noted the lack of an explanation or an avenue for appeal. Despite multiple attempts to contact Microsoft, he has been unable to reach a representative to resolve the issue.
The termination of the developer account is particularly alarming because Microsoft mandates that developers re-verify the security of their software periodically. Without the ability to sign new updates, Idrassi warns that many devices running VeraCrypt may become unbootable if the issue remains unresolved.
This situation underscores the significant control that tech companies wield over the distribution and functionality of third-party applications on their platforms. Users are often at the mercy of these companies’ policies, which can change without notice, potentially leading to disruptions in service or functionality.
While Idrassi can continue to provide updates to Linux and macOS users without hindrance, the majority of VeraCrypt’s user base operates on Windows systems and currently cannot receive necessary updates.
Idrassi reassured users that, for now, VeraCrypt will continue to function without immediate security concerns. However, he cautioned that users who have enabled system encryption—which encrypts the entire operating system to prevent unauthorized access—may face boot-up issues starting in late June 2026.
The crux of the problem lies in Microsoft’s impending revocation of the certificate authority (CA) used to digitally sign VeraCrypt’s software. Digital signatures are crucial for verifying the authenticity and integrity of software, preventing malicious tampering. Without access to his Microsoft developer account, Idrassi cannot apply the necessary new signature to VeraCrypt, which could render the software inoperable on Windows systems.
Idrassi emphasized the gravity of the situation, stating that if the issue is not resolved by the time Microsoft revokes the current CA, it could effectively spell the end for VeraCrypt on Windows platforms.
This incident highlights the broader issue of developers’ reliance on major tech companies for the distribution and maintenance of their software. The unilateral termination of developer accounts without clear communication or recourse can have far-reaching consequences for both developers and end-users.
In the interim, Idrassi advises VeraCrypt users to stay informed about the situation and to be prepared for potential disruptions. He is actively seeking a resolution with Microsoft to restore his developer account access and ensure the continued functionality of VeraCrypt for Windows users.
