You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
secure boot
About this tag
Secure Boot is a UEFI firmware security feature that validates boot components before the operating system loads, forming a critical trust anchor in Windows security. In June 2026, Microsoft's original 2011 Secure Boot certificates began expiring, requiring a transition to newer 2023 certificate authorities. This certificate rollover affects Windows 10, Windows 11, and Windows Server devices, with Microsoft and OEMs like Dell, HP, Lenovo, ASUS, and Surface providing updates via Windows Update and firmware patches. While most supported consumer PCs should continue booting normally, the expiration exposes challenges in managing firmware trust chains across diverse hardware. IT administrators must verify certificate status, apply updates, and ensure boot-chain integrity to prevent gradual security erosion. The transition highlights that Windows security depends on coordinated efforts between Microsoft, OEMs, and users.
Microsoft’s June 2026 Windows news roundup centers on Secure Boot certificate deployment, Windows 11 preview updates, hotpatching tradeoffs, Windows Autopatch reporting, and the growing pressure on IT administrators to manage Windows as a continuously measured security platform rather than a...
Microsoft has updated its Windows 10 consumer Extended Security Updates language to say enrolled PCs can keep receiving security-only updates until October 12, 2027, effectively giving holdout users a second post-retirement year after the operating system’s formal end of support on October 14...
bitlocker secureboot
cybersecurity
cybersecurity patching
device support
end of support
esu extended security updates
esu program
esu security updates
esu updates
extended security updates
extended security updates esu
it lifecycle
it planning
microsoft account
microsoft esu
microsoft support lifecycle
pc lifecycle
pc lifecycle management
pc migration
pc security
pc upgrade planning
secureboot
security patching
security updates
tpm 2.0 requirements
tpm secureboot
windows 10
windows 10 end of support
windows 10 esu
windows 11
windows 11 hardware requirements
windows 11 migration
windows 11 requirements
windows 11 upgrade
windows lifecycle
windows security updates
windows update
Microsoft’s consumer Extended Security Updates program now gives eligible Windows 10 PCs security patches until October 12, 2027, after Windows 10’s mainstream support ended on October 14, 2025, but staying put still requires enrollment, updated boot certificates, backups, and stricter security...
Microsoft on June 29, 2026 published KB5105943 to explain why some Windows 10, Windows 11, and Windows Server devices are being blocked from receiving updated Secure Boot certificates, and what happens if those machines reach certificate expiration without the new trust material installed. The...
Microsoft’s original 2011 Secure Boot certificates began expiring in June 2026 across Windows-era UEFI PCs, forcing Microsoft, OEMs, and IT departments to move affected machines onto newer 2023 certificate authorities through Windows Update, firmware updates, or managed deployment tools. The...
Microsoft’s first-generation Secure Boot certificates began expiring on June 24, 2026, affecting the trust chain used by Windows PCs to validate boot components before the operating system loads, while Microsoft and major OEMs are moving supported Windows 10 and Windows 11 devices to replacement...
Microsoft’s Secure Boot certificate rollover reached its first real deadline in June 2026, and PC makers including Dell, HP, Lenovo, ASUS, Acer, MSI, Samsung, LG, and Microsoft’s Surface team have now published model-specific guidance for updating affected Windows devices. The headline is...
Ventoy 1.1.15 was released on June 25, 2026, following Ventoy 1.1.14 on June 24, to update the tool’s Secure Boot shim for Microsoft’s UEFI CA 2023 transition and fix a boot failure when Secure Boot is disabled. That sounds like a niche maintenance release for a niche utility, but it lands at...
Microsoft’s original Secure Boot trust chain began expiring on June 24, 2026, when the Microsoft Corporation KEK CA 2011 certificate reached its end date on Windows PCs, servers, and other UEFI devices that still depend on the 2011-era keys. The immediate risk is not that millions of machines...
Ventoy 1.1.15 arrived on June 25, 2026, after two rapid-fire predecessor releases, adding support for Microsoft’s 2023 Secure Boot certificate transition and fixing a boot failure that could affect systems with Secure Boot disabled. The update looks like a small utility changelog, but it lands...
More than a billion Secure Boot-capable Windows PCs entered a staged certificate transition on June 24, 2026, as Microsoft’s 2011-era Secure Boot trust anchors began reaching expiration, forcing Windows, OEM firmware, deployment media, Linux bootloaders, and enterprise recovery workflows onto...
Microsoft is urging Windows users and IT administrators in June 2026 to continue deploying updated Secure Boot certificates across PCs, servers, and virtual machines using phased rollouts, current firmware, Windows updates, validation tooling, and established management channels such as Intune...
Microsoft is telling Windows users and IT administrators in June 2026 to continue phased Secure Boot certificate deployments using Windows updates, OEM firmware, validation tooling, and staged rollout practices as the ecosystem moves from aging 2011 certificates toward newer 2023 Secure Boot...
bitlocker
certificate rollover
enterprise it
firmware certificates
intune rollout
oem firmware
secureboot
uefi certificates
uefi firmware
windows 10
windows 11
windows it management
windows security
windows update
Microsoft used the June 2026 Windows quality updates to broaden automatic deployment of 2023 Secure Boot certificates to eligible Windows 10 and Windows 11 PCs before the first major 2011-era certificate expired on June 24, 2026. That sounds like a quiet plumbing job, but it is really the first...
Microsoft’s first major Secure Boot certificate deadline arrived on June 24, 2026, as the Microsoft Corporation KEK CA 2011 certificate reached expiration and began the PC ecosystem’s transition to a newer 2023 trust chain across Windows devices. The important part is not that PCs suddenly stop...
Microsoft pushed its expanded Secure Boot 2023 certificate rollout to eligible Windows 11 and Windows 10 devices on June 24, 2026, just as the first Microsoft 2011 Secure Boot certificate reached its expiration date. The move is not a normal Patch Tuesday footnote; it is a platform-level trust...
Microsoft published KB5095615 on June 23, 2026, as a Safe OS Dynamic Update for Windows 11 versions 24H2 and 25H2, delivering improvements to the Windows Recovery Environment and replacing the earlier KB5094149 package. That sounds like plumbing, because it is. But it is also the kind of...
Microsoft’s 2011-era Secure Boot certificates begin expiring on June 24, 2026, affecting Windows 10, Windows 11, Windows Server, and managed Windows devices that still rely on those trust anchors for early-boot validation. The practical message is simple: install current Windows updates, check...
Microsoft’s 2011-era Secure Boot certificates begin expiring on June 24, 2026, with Linux-focused Microsoft UEFI signing dependencies following days later and shim-related media facing another deadline on September 11, creating a practical migration crunch for dual-boot users, recovery media...
Microsoft has told Azure customers that Linux virtual machines using Trusted Launch must receive Secure Boot 2023 database and KEK certificate updates before 2011-era Microsoft Secure Boot certificates begin expiring in June 2026, while affected Linux Confidential VMs with old certificates must...