Microsoft’s Secure Boot update FAQ makes clear that a coordinated, multi-step transition is now live: Windows will roll new 2023 signing certificates into UEFI variables and update the Windows boot manager to preserve Secure Boot protection ahead of the 2011 CA expirations, but the rollout...
Microsoft has warned that the cryptographic roots underpinning UEFI Secure Boot on Windows devices will begin to expire in June 2026, forcing a global certificate update that every IT team and many end users must plan for now to avoid boot-level insecurities and loss of updateability.
Background...
2026 expiration
bitlocker
bootkit
certificate rollover
db
dbx
group policy
intune
kek
linux shim
mdm
oem firmware
pre-boot security
recovery media
secure boot
uefi
vm
windows 11
windows server
windows update
Microsoft has recently addressed a critical vulnerability in its Secure Boot feature, identified as CVE-2025-3052, which could have allowed attackers to install persistent bootkit malware on most PCs. This flaw, discovered by security researchers at Binarly, involved a legitimate BIOS update...
Source: http://www.pcmag.com/article2/0,2817,2387752,00.asp
As you might notice, in the full article title, Microsoft also says to "Re-install Windows", which was Microsoft's original recommendation.
Reading the full article, you will note that, nowhere, does it say you have to re-install...
antivirus
bootkit
data protection
definitions
driverstartio
infection
live cd
malware
malware removal
master boot record
mbr
microsoft
popureb.e
recovery cd
rollback
security
technet
user data
virus
windows recovery