Microsoft has warned that the cryptographic roots underpinning UEFI Secure Boot on Windows devices will begin to expire in June 2026, forcing a global certificate update that every IT team and many end users must plan for now to avoid boot-level insecurities and loss of updateability.
Background...
2026 expiration
bitlocker
bootkit
certificaterollover
db
dbx
group policy
intune
kek
linux shim
mdm
oem firmware
pre-boot security
recovery media
secure boot
uefi
vm
windows 11
windows server
windows update
Microsoft’s August cumulative update for Windows 11, version 24H2 — KB5063878 (OS Build 26100.4946) — ships as a combined Servicing Stack Update (SSU) plus Latest Cumulative Update (LCU), bringing routine security and quality fixes while renewing attention on an industry-wide operational...
Microsoft released the August 12, 2025 cumulative update for Windows 11 servicing branches that use OS builds 22621 and 22631 — published as KB5063875, updating systems to OS Build 22621.5768 / 22631.5768 — a standard Patch Tuesday security rollup that Microsoft bundles with a servicing-stack...
When preparing your organization's Windows ecosystem for a pivotal infrastructure update, few developments in recent years compare to the anticipated expiration of Secure Boot certificates in June 2026. Behind every modern Windows startup—whether it’s on an enterprise desktop, a home PC, or a...