Microsoft’s September preview update pushed an urgent reminder to IT teams and advanced users: Secure Boot certificates used broadly across Windows devices are scheduled to start expiring in June 2026, and without coordinated firmware and OS updates some machines may be unable to boot securely...
Microsoft has warned that several of the Secure Boot certificates baked into Windows devices a decade ago will begin to expire in mid‑2026, forcing a coordinated certificate rollover that every PC owner and IT team should plan for now to avoid loss of pre‑boot updates, compatibility problems...
Microsoft’s Secure Boot update FAQ makes clear that a coordinated, multi-step transition is now live: Windows will roll new 2023 signing certificates into UEFI variables and update the Windows boot manager to preserve Secure Boot protection ahead of the 2011 CA expirations, but the rollout...
Microsoft has warned that the cryptographic roots underpinning UEFI Secure Boot on Windows devices will begin to expire in June 2026, forcing a global certificate update that every IT team and many end users must plan for now to avoid boot-level insecurities and loss of updateability.
Background...
2026 expiration
bitlocker
bootkit
certificaterollover
db
dbx
group policy
intune
kek
linux shim
mdm
oem firmware
pre-boot security
recovery media
secure boot
uefi
vm
windows 11
windows server
windows update
Microsoft’s August cumulative update for Windows 11, version 24H2 — KB5063878 (OS Build 26100.4946) — ships as a combined Servicing Stack Update (SSU) plus Latest Cumulative Update (LCU), bringing routine security and quality fixes while renewing attention on an industry-wide operational...
Microsoft released the August 12, 2025 cumulative update for Windows 11 servicing branches that use OS builds 22621 and 22631 — published as KB5063875, updating systems to OS Build 22621.5768 / 22631.5768 — a standard Patch Tuesday security rollup that Microsoft bundles with a servicing-stack...
When preparing your organization's Windows ecosystem for a pivotal infrastructure update, few developments in recent years compare to the anticipated expiration of Secure Boot certificates in June 2026. Behind every modern Windows startup—whether it’s on an enterprise desktop, a home PC, or a...