Your submission includes a weak or invalid code signing certificate.
On June 16, 2022 we announced an update to Store policy. Win32 apps are required to be digitally signed, with a code signing certificate that chains up to a certificate issued by a Certificate Authority (CA) that is part of the Microsoft Trusted Root Program. We would like to inform you that your app must be digitally signed as per this policy before Oct 31, 2022, with a SHA256 code signing certificate.
Previously, all Microsoft Store apps (native UWPs for example) were hosted and signed by the Microsoft Store and received a Microsoft signature. With the change to our policy enabling Win32 apps to be listed in the Microsoft Store, and the removal of the waitlist for submitting Win32s, the new policy requires those apps to be digitally signed, and ensures all apps that customers acquire and download from the Microsoft Store have a trusted digital certificate.
If your app does not include a valid code signing certificate before October 31, 2022 your product may be removed from the Store at that time. Please make the necessary changes to resolve the issue by then and submit an update through Partner Center. No action is being taken now and you are free to submit updates in the meantime.
Meaning developers have to purchase a CA certificate for Win32 apps - the cheapest I found was 69 Euro per year - so the developer is paying for freeware they distribute via the Store.
Fortunately UWP apps at the Store are still signed by MS, so no such hassle with those (not yet anyway)