You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
secure boot certificates
About this tag
Secure boot certificates are the cryptographic keys that verify the integrity of the boot process on Windows PCs. Discussions on WindowsForum.com focus on the expiration of Microsoft's 2011 Secure Boot certificates in June and October 2026, which can cause boot failures, blue screens, BitLocker recovery prompts, and clean install loops on Windows 11 systems. The transition to newer 2023 certificates requires careful management, as unmanaged or firmware-neglected systems may become vulnerable. OEM utilities like Dell SupportAssist and HP firmware updates also interact with Secure Boot, sometimes causing additional issues. Administrators are advised to ensure systems receive the necessary updates and certificate renewals to maintain a secure boot chain.
Microsoft’s 2026 Windows security story is no longer mainly about adding another Defender toggle or hiding another privacy switch; it is about renewing the trust chain beneath Windows 11 while tightening the consent model above it, as Secure Boot certificates from 2011 expire in June and October...
Microsoft released Windows 11 KB5094126 for versions 24H2 and 25H2 and KB5093998 for version 23H2 on June 9, 2026, and early user reports now describe blue screens, freezes, BitLocker recovery prompts, and cloud-sync oddities after installation. The important caveat is that Microsoft’s public...
A Neowin writer reported in June 2026 that two Windows 11 clean installs failed to continue after the first reboot until Secure Boot was temporarily disabled, Windows setup completed, updates were installed, and Secure Boot was then turned back on. The story matters because it turns a quiet...
Microsoft released Windows 11 KB5094126 on June 9, 2026, as the June Patch Tuesday security update for Windows 11 versions 25H2 and 24H2, raising systems to builds 26200.8655 and 26100.8655 while beginning a wider rollout of performance, audio, camera, and Secure Boot changes. The update is...
ai pc
bitlocker recovery
bitlocker secureboot
bluetooth le audio
feature rollout
kb5094126
low latency profile
npu telemetry
patch tuesday
patch tuesday security
performance tuning
performance update
securebootsecurebootcertificates
shared audio
system performance
windows 11
windows 11 security update
windows 11 updates
windows performance
windows servicing
Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...
bitlocker
certificate revocation
enterprise it
firmware trust
intune
intune management
intune monitoring
kb5094156
kek ca 2011
safe os dynamic update
securebootsecurebootcertificates
uefi certificates
windows 11 23h2
windows it admin
windows security
Microsoft released KB5095185 on June 9, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1, refreshing the recovery and setup environment while again warning that long-lived Windows Secure Boot certificates begin expiring this month. The update itself is small in presentation but...
bitlocker
it security
kb5093998
kb5094149
kb5095185
safe os dynamic update
securebootsecurebootcertificates
windows 11
windows 11 26h1
windows 11 updates
Dell has released SupportAssist Remediation 5.5.16.1 to fix blue screen crashes and reboot instability caused by version 5.5.16.0 on some Dell and Alienware PCs, while HP is separately investigating BitLocker recovery loops tied to recent BIOS and Secure Boot certificate changes. The common...
bitlocker recovery
dell supportassist
hp bios
hp bios and bitlocker
hp bitlocker
oem firmware updates
secureboot certificate transition
securebootcertificates
windows 11
windows 11 boot failures
Dell and HP PCs have recently hit separate reboot and BitLocker recovery failures, but the common thread is not a broken Windows 11 update so much as OEM maintenance software and firmware colliding with Microsoft’s evolving Secure Boot chain. That distinction matters because it changes both the...
HP’s April 2026 BIOS updates and Dell’s May 2026 SupportAssist Remediation update have caused real Windows 11 failures on affected PCs, including BitLocker recovery loops on HP commercial systems and repeated blue screens on Dell and Alienware machines. The uncomfortable part is that neither...
Microsoft’s current Windows 11 emergency-update picture in June 2026 spans ordinary cumulative servicing, out-of-band setup and servicing updates, and special recovery-style fixes, with Windows 11 24H2 and 25H2 both still receiving monthly cumulative updates such as KB5089549 on May 12, 2026...
Before the June 9, 2026 Patch Tuesday window, Windows 11 administrators and power users should do three separate jobs: validate update servicing, verify Secure Boot certificate readiness, and test visible desktop workflows. Do not collapse those into one generic “patch risk.” KB5089573 is useful...
Microsoft released KB5089592 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1, improving the Windows Recovery Environment while again warning that Secure Boot certificates on most Windows devices begin expiring in June 2026. The update itself is narrow, automatic, and...
Microsoft released KB5096038 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering Windows Recovery Environment improvements while repeating a warning that Secure Boot certificates used by most Windows devices begin expiring in June 2026. The update...
Microsoft released KB5096160 on May 26, 2026 as a Setup Dynamic Update for Windows 11 version 26H1, improving the setup files used during feature updates while again warning that Secure Boot certificates on most Windows devices begin expiring in June 2026. The update itself is mundane plumbing...
Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering revised setup components through Windows Update, the Microsoft Update Catalog, and WSUS while repeating warnings about Secure Boot certificate expirations beginning in June...
Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, improving setup components while repeating its warning that Secure Boot certificates on most Windows devices begin expiring in June 2026 worldwide. The update itself is small, almost...
Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...
bitlocker
enterprise it
firmware security
it admin checklist
it administration
it management
it security
it security management
kb5089592
kb5092765
kb5096160
kb5096160 update
safe os dynamic update
securebootsecurebootcertificates
setup dynamic update
uefi certificates
uefi firmware
uefi trust chain
windows 10
windows 10 and 11
windows 11
windows 11 24h2
windows 11 26h1
windows 11 security
windows 11 servicing
windows recovery environment
windows security
windows servicing
windows update
winre recovery
winre update
wsus
HP’s April 2026 BIOS updates for commercial Windows 11 PCs have triggered BitLocker recovery loops and boot failures across HP notebooks, desktops, and workstations, while also interfering with Microsoft’s Secure Boot 2023 certificate migration ahead of the June 2026 certificate-expiration...
Microsoft has updated the Secure Boot status report in Windows Autopatch to give Intune administrators device-level visibility into certificate status, trust configuration, rollout confidence, alerts, and restart-dependent readiness as organizations prepare for Secure Boot certificate updates...
Microsoft has acknowledged a Windows 11 update bug affecting some devices that can download February 2026 security updates but fail to fetch March, April, May, and later updates through Settings with error 0x80010002. The failure is not a corrupt-PC mystery, a bad disk omen, or another case of...