secure boot certificates

A Neowin writer reported in June 2026 that two Windows 11 clean installs failed to continue after the first reboot until Secure Boot was temporarily disabled, Windows setup completed, updates were installed, and Secure Boot was then turned back on. The story matters because it turns a quiet...

Microsoft released Windows 11 KB5094126 on June 9, 2026, as the June Patch Tuesday security update for Windows 11 versions 25H2 and 24H2, raising systems to builds 26200.8655 and 26100.8655 while beginning a wider rollout of performance, audio, camera, and Secure Boot changes. The update is...

Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...

Microsoft released KB5095185 on June 9, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1, refreshing the recovery and setup environment while again warning that long-lived Windows Secure Boot certificates begin expiring this month. The update itself is small in presentation but...

Dell has released SupportAssist Remediation 5.5.16.1 to fix blue screen crashes and reboot instability caused by version 5.5.16.0 on some Dell and Alienware PCs, while HP is separately investigating BitLocker recovery loops tied to recent BIOS and Secure Boot certificate changes. The common...

Dell and HP PCs have recently hit separate reboot and BitLocker recovery failures, but the common thread is not a broken Windows 11 update so much as OEM maintenance software and firmware colliding with Microsoft’s evolving Secure Boot chain. That distinction matters because it changes both the...

HP’s April 2026 BIOS updates and Dell’s May 2026 SupportAssist Remediation update have caused real Windows 11 failures on affected PCs, including BitLocker recovery loops on HP commercial systems and repeated blue screens on Dell and Alienware machines. The uncomfortable part is that neither...

Microsoft’s current Windows 11 emergency-update picture in June 2026 spans ordinary cumulative servicing, out-of-band setup and servicing updates, and special recovery-style fixes, with Windows 11 24H2 and 25H2 both still receiving monthly cumulative updates such as KB5089549 on May 12, 2026...

Before the June 9, 2026 Patch Tuesday window, Windows 11 administrators and power users should do three separate jobs: validate update servicing, verify Secure Boot certificate readiness, and test visible desktop workflows. Do not collapse those into one generic “patch risk.” KB5089573 is useful...

Microsoft released KB5089592 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1, improving the Windows Recovery Environment while again warning that Secure Boot certificates on most Windows devices begin expiring in June 2026. The update itself is narrow, automatic, and...

Microsoft released KB5096038 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering Windows Recovery Environment improvements while repeating a warning that Secure Boot certificates used by most Windows devices begin expiring in June 2026. The update...

Microsoft released KB5096160 on May 26, 2026 as a Setup Dynamic Update for Windows 11 version 26H1, improving the setup files used during feature updates while again warning that Secure Boot certificates on most Windows devices begin expiring in June 2026. The update itself is mundane plumbing...

Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering revised setup components through Windows Update, the Microsoft Update Catalog, and WSUS while repeating warnings about Secure Boot certificate expirations beginning in June...

Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, improving setup components while repeating its warning that Secure Boot certificates on most Windows devices begin expiring in June 2026 worldwide. The update itself is small, almost...

Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...

HP’s April 2026 BIOS updates for commercial Windows 11 PCs have triggered BitLocker recovery loops and boot failures across HP notebooks, desktops, and workstations, while also interfering with Microsoft’s Secure Boot 2023 certificate migration ahead of the June 2026 certificate-expiration...

Microsoft has updated the Secure Boot status report in Windows Autopatch to give Intune administrators device-level visibility into certificate status, trust configuration, rollout confidence, alerts, and restart-dependent readiness as organizations prepare for Secure Boot certificate updates...

Microsoft has acknowledged a Windows 11 update bug affecting some devices that can download February 2026 security updates but fail to fetch March, April, May, and later updates through Settings with error 0x80010002. The failure is not a corrupt-PC mystery, a bad disk omen, or another case of...

Microsoft’s May 2026 Windows update begins a broad Secure Boot certificate transition for most Windows devices ahead of June 2026 expirations, adding new deployment machinery and, on Windows 11, a visible SecureBoot folder that has startled users who were not expecting it. This is not a cosmetic...

Microsoft has confirmed that the new C:\Windows\SecureBoot folder appearing after Windows 11’s May 2026 cumulative update, KB5089549, is expected behavior, not a bug, and exists to support the ongoing rollout of replacement Secure Boot certificates before older 2011-era certificates expire this...