Microsoft’s blunt reminder landed in February: the cryptographic certificates that underpin UEFI Secure Boot — the very mechanism that helps stop malware from running before Windows ever starts — are reaching the end of their designed lifetimes in mid‑2026, and the consequences for the many PCs...
Microsoft’s blunt warning about expiring Secure Boot certificates has moved from obscure infrastructure maintenance into a practical security deadline: the original Microsoft Secure Boot certificates deployed in 2011 begin expiring in June 2026, and systems that don’t receive the replacement...
Windows 10 users who think “it still boots, so I’m fine” are being handed a quietly serious maintenance problem: Microsoft is replacing the Secure Boot certificates that have underpinned Windows’ pre‑boot trust model since 2011, and machines that don’t receive the new certificates will continue...
Microsoft’s decision to rotate out 2011-era Secure Boot certificates has turned what many Windows 10 holdouts already feared into an urgent timetable: machines that remained on Windows 10 after Microsoft’s October 14, 2025 end-of-support date now face an additional, platform-level security gap...
Your PC’s ability to boot tomorrow depends on digital trust decisions made years ago — and those cryptographic certificates are about to reach their end-of-life in mid‑2026 unless your machine has already been updated.
Background: why this matters now
Secure Boot is the pre‑OS gatekeeper that...
Microsoft and the PC industry have quietly opened a narrow but critical window to prevent a pre‑OS security gap this year: Windows will start rolling replacement Secure Boot certificates into device firmware via staged OS updates, while Microsoft is simultaneously intensifying its public push...
certificate authority
certificateexpirationcertificate rotation
certificate updates
extended security updates
firmware update
firmware updates
secure boot
uefi
upgrade windows 11
windows 10
windows 10 esu
windows 11
windows security
windows update
IT administrators now have practical, fleet-scale ways to check whether Windows devices are carrying the updated Secure Boot certificate chain and whether they’re ready to accept the upcoming Secure Boot updates — a crucial capability as Microsoft and OEMs rotate the platform’s cryptographic...
Logitech’s Mac utility ecosystem hit a sudden and disruptive snag this week after an Apple Developer signing certificate expired, leaving Logi Options+ and G HUB unable to start on macOS and knocking advanced mouse and keyboard features offline for countless users worldwide. The outage was...
Microsoft’s August preview for Windows 11 landed as a routine quality flight, but tucked inside the notes is a high‑priority operational alert that every IT manager and many savvy consumers should treat like a dated calendar item: several Secure Boot certificates issued around 2011 are scheduled...
Microsoft has warned enterprise IT teams that the root Secure Boot certificates baked into most Windows devices since 2012 will begin expiring in 2026, and it is rolling out a new 2023 certificate chain to prevent boot‑time security updates from failing — a change that requires coordinated...
Microsoft’s September preview update pushed an urgent reminder to IT teams and advanced users: Secure Boot certificates used broadly across Windows devices are scheduled to start expiring in June 2026, and without coordinated firmware and OS updates some machines may be unable to boot securely...
Microsoft released a targeted hotpatch—KB5065474—on September 9, 2025, for Windows 11 Enterprise (24H2 / LTSC 2024) that advances eligible devices to OS Build 26100.6508, delivers a focused app-compatibility / UAC repair, and includes two operational advisories administrators must treat as high...
Microsoft’s Secure Boot update FAQ makes clear that a coordinated, multi-step transition is now live: Windows will roll new 2023 signing certificates into UEFI variables and update the Windows boot manager to preserve Secure Boot protection ahead of the 2011 CA expirations, but the rollout...
2011
2011-certs
2023 ca
2023-certs
bios
bitlocker
boot manager
bootkit
ca2023
certificatecertificateexpirationcertificate rollover
cve-2023-24932
db
dbx
dual boot
efi
enterprise it
esu
firmware
it administration
kek
lcu
linux
linux boot
linux compatibility
linux shim
oem
oem firmware
os upgrade
recovery
recovery media
recovery usb
rollback
secure boot
servicing stack update
shim
signaturedatabase
ssu
svn
uefi
vendor-update
virtual machine
virtualization
windows 10
windows 11
windows update
Microsoft released a targeted hotpatch on September 9, 2025 — KB5065474 — for Windows 11 Enterprise (version 24H2 / LTSC 2024) that advances eligible machines to OS Build 26100.6508, delivers a focused app-compatibility/UAC fix, bundles a servicing stack update (SSU), and warns administrators...
Microsoft released a September 9, 2025 hotpatch—KB5065474—for Windows 11 Enterprise LTSC 2024 that advances hotpatch coverage to a new OS build (26100.6508), addresses a notable UAC/MSI compatibility issue, and includes a known‑issue advisory that affects PowerShell Direct (PSDirect)...
Microsoft has released the September 2025 cumulative security update for Windows 11, version 24H2 — KB5065426 (OS Build 26100.6584) — a combined Latest Cumulative Update (LCU) and Servicing Stack Update (SSU) that delivers security hardening, targeted bug fixes, AI component updates for Copilot+...
24h2
ai components
certificateexpiration
copilot
enterprise it
extended security updates
file explorer ai
hotpatching
june 2026
kb5065426
kerberos
lcu
microsoft update catalog
oem
on-device ai
passkeys windows hello
patch
powershell 2.0 removal
psdirect
recall feature
secure boot
smb auditing
smb signing
ssu
ssu-lcu
task manager
taskbar
windows 11
windows 11 24h2
windows backup
windows update
wsus
wusa
Microsoft released a hotpatch—KB5065474—on September 9, 2025, for Windows 11 Enterprise LTSC 2024 that updates eligible devices to OS Build 26100.6508 and delivers targeted security and quality fixes while calling attention to an important Secure Boot certificate expiration window and a specific...
Microsoft has published KB5066360, a hotpatch that updates Windows PowerShell on Windows 11 Enterprise LTSC 2024 to OS Build 26100.6569, addressing a specific PSDirect connectivity failure that could, under narrow conditions, allow unauthorized non-administrator access between host and guest...
Microsoft published a new Setup Dynamic Update package, KB5065378, for Windows 11, version 24H2 and Windows Server 2025 on August 29, 2025 — a narrowly scoped but important backstage update that refreshes the setup binaries and SafeOS components used during feature updates and installations. The...
Microsoft released an out‑of‑band (OOB) non‑security update on August 19, 2025 — KB5066189 for Windows 11 (OS Builds 22621.5771 and 22631.5771) — to repair a regression introduced by August’s cumulative updates that can block device reset and recovery operations, and to deliver a servicing stack...