You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
kb5094156
About this tag
The tag kb5094156 covers discussions about the Microsoft Secure Boot 2011 KEK CA expiration in June 2026. This certificate family affects Windows and Linux devices, with the Microsoft Corporation KEK CA 2011 being the most critical deadline. Without proper replacement, affected Windows machines may lose the ability to receive future Secure Boot database and revocation updates. The issue is described as a gradual security posture degradation rather than an immediate boot failure, making it a form of infrastructure debt that can expose organizations to boot-level vulnerabilities months later. The tag focuses on migration risks, certificate expiration timelines, and the importance of refreshing Secure Boot trust plumbing before the deadline.
Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...
bitlocker
certificate revocation
enterprise it
firmware trust
intune
intune management
intune monitoring
kb5094156
kek ca 2011
safe os dynamic update
secure boot
secure boot certificates
uefi certificates
windows 11 23h2
windows it admin
windows security