Microsoft has warned that the cryptographic roots underpinning UEFI Secure Boot on Windows devices will begin to expire in June 2026, forcing a global certificate update that every IT team and many end users must plan for now to avoid boot-level insecurities and loss of updateability.
Background...
2026expiration
bitlocker
bootkit
certificate rollover
db
dbx
group policy
intune
kek
linux shim
mdm
oem firmware
pre-boot security
recovery media
secure boot
uefi
vm
windows 11
windows server
windows update
Microsoft released the August 12, 2025 cumulative security update for Windows 11, version 24H2 — KB5063878 (OS Build 26100.4946) — a routine but important monthly package that bundles the latest cumulative fixes, updates to several AI components (targeted at Copilot+ devices), and an updated...
2026expiration
24h2
ai components
air-gapped deployment
august 2025
certificate expiration
certificate expiry 2026
configmgr
copilot ai
copilot+
enterprise rollout
firmware updates
kb5063875
kb5063878
kek ca 2011
kek ca 2023
kek db updates
lcu
oem coordination
oem firmware
os build 22621.5768
os build 26100.4946
patch tuesday
rollout testing
secure boot
secure boot certificates
servicing stack update
ssu
uefi ca 2011
windows 11
windows update
windows update for business
wsus
