The developer of the widely-used VeraCrypt encryption software has issued a warning to Windows users regarding potential boot-up issues following the locking of his Microsoft account. Mounir Idrassi, the Japan-based creator of VeraCrypt, stated in a recent online post that Microsoft has terminated access to the account he has relied on for years to sign Windows drivers and the bootloader, leaving him without an explanation or means of appeal.
Idrassi expressed his frustration with Microsoft, noting that his attempts to contact the company were met with silence, as he was unable to reach a customer service representative. This situation is critical because Microsoft mandates that developer accounts undergo re-verification to ensure the security of their software. As a result, many devices running VeraCrypt may face booting issues if the problem remains unresolved.
VeraCrypt is a popular open-source encryption tool that enables users to secure files with password protection or to encrypt entire operating systems, safeguarding data from pre-bootup attacks. The latest Windows version of VeraCrypt, released in May 2025, has seen nearly a million downloads, underscoring its significance among users.
This incident underscores the significant control that tech companies exert over the applications distributed on their platforms, exposing users to risks when they depend on third-party developers whose accounts can be revoked at any time. Idrassi highlighted that while he can still push updates to users on Linux and macOS without issue, the vast majority of his user base, who rely on Windows, currently cannot receive necessary updates.
For the time being, Idrassi reassured affected users that VeraCrypt will continue to function as usual, with no identified security vulnerabilities. However, he cautioned that users with system encryption activated—an option that scrambles the operating system and requires a password to load—could experience boot issues starting around late June 2026. This is due to Microsoft’s imminent revocation of the certificate authority used to digitally sign VeraCrypt software, a critical step that developers undertake to prevent malicious tampering.
Idrassi warned, "Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader. A new Microsoft CA must be used for bootloaders to continue working." He elaborated on the potential consequences, stating, "Without access to the Microsoft account used for sending software updates, I will not be able to apply the required new signature to VeraCrypt, making it impossible to boot." He concluded by stating that if this situation is not rectified, it could spell disaster for VeraCrypt users.
This incident is part of a broader trend where companies frequently terminate online accounts without warning. Earlier in the year, developer Paris Buttfield-Addison found themselves locked out of their Apple account after redeeming what they suspected to be a fraudulent gift card from a major retailer. Fortunately, Buttfield-Addison managed to regain their account after the story attracted media attention.
As this situation develops, it serves as a stark reminder of the potential vulnerabilities that come with relying on centralized tech giants for software distribution and account management. VeraCrypt's future, particularly for Windows users, hangs in the balance as Idrassi navigates the challenges posed by Microsoft's account policies.
Source: TechCrunch News