secure boot

Microsoft released KB5089570 on May 26, 2026, as a preview cumulative update for Windows 11 version 26H1, moving supported systems to OS Build 28000.2179 and delivering non-security fixes, staged feature rollouts, servicing-stack changes, and Copilot+ PC AI component updates. The surface story...

Microsoft’s original 2011 Secure Boot certificates for Windows PCs begin expiring in June 2026, and Microsoft is rolling out 2023 replacement certificates through Windows Update so supported UEFI systems can keep validating trusted boot software without losing future early-boot security...

Microsoft’s original Windows Secure Boot certificates, issued in 2011 and embedded across years of PCs, begin expiring in June 2026, forcing Microsoft, OEMs, administrators, and some users to move devices to newer 2023 certificate authorities before boot-level security protections fall behind...

Microsoft will begin running into the first expirations of its original 2011 Secure Boot certificate chain in June 2026, forcing Windows PCs, servers, recovery media, and firmware ecosystems to move to newer 2023 certificates through a staged Windows Update process. The practical sign for many...

Microsoft is warning Windows 11 users and IT administrators in May 2026 to update Secure Boot certificates before 2011-era Microsoft certificates begin expiring in June 2026, with additional expirations stretching into October, so supported PCs can keep receiving boot-level security protections...

Microsoft’s 2011-era Secure Boot certificates begin expiring on June 24, 2026, and Windows PCs that have not moved to the 2023 certificate chain should still boot, but they may lose future boot-level security protections and eventually hit upgrade or servicing barriers. That is the important...

The first Microsoft Secure Boot certificate from the Windows 8 era expires on June 24, 2026, beginning a staged retirement of 2011 trust anchors that still underpin boot security on many Windows PCs, servers, and embedded systems. The immediate danger is not a wave of unbootable laptops. It is...

Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...

Microsoft acknowledged on May 15, 2026 that Windows 11 security update KB5089549, released for versions 24H2 and 25H2, can fail during installation with error 0x800f0922 on devices whose EFI System Partition has very little free space. That detail matters because this is not just another vague...

Microsoft’s May 12, 2026 Windows 11 cumulative update KB5089549 adds a new C:\Windows\SecureBoot folder on eligible PCs, packaging sample PowerShell automation for the Secure Boot certificate migration that organizations must complete before older 2011-era trust certificates begin expiring in...

Microsoft’s June 2026 Secure Boot certificate deadline affects most Windows devices that still depend on Microsoft’s 2011-era boot trust certificates, and the immediate fix is installing current Windows updates, allowing the machine to restart, and leaving the new Secure Boot remediation files...

Microsoft’s May 12, 2026 Windows 11 security update KB5089549 fixes a BitLocker recovery problem caused by April boot-file changes, but Microsoft added a May 15 warning that some PCs with cramped EFI System Partitions may fail installation with error 0x800f0922. That is the most Windows update...

Microsoft’s May 12, 2026 Windows 10 extended security update, KB5087544, adds Secure Boot status reporting to the Windows Security app before Microsoft’s original 2011 Secure Boot certificates begin expiring in June 2026 across many Windows devices. The update is not just another Patch Tuesday...

Microsoft released KB5087544 on May 12, 2026, for Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and eligible Extended Security Updates systems, fixing May Patch Tuesday security flaws while correcting Remote Desktop warning behavior and Secure Boot reporting. The update...

Microsoft’s May 18 Secure Boot AMA is aimed squarely at IT administrators preparing for the June 2026 expiration of older Windows Secure Boot certificates, and one enterprise question now captures the central deployment dilemma: whether successful OEM firmware updates can stand in for...

Microsoft released Windows 11 cumulative updates KB5089549 and KB5087420 on May 12, 2026, moving versions 25H2 and 24H2 to builds 26200.8457 and 26100.8457, and version 23H2 to build 22631.7079, across its regular Patch Tuesday servicing channels. The headline is security, but the story is...

Microsoft released Windows 10 KB5087544 on May 12, 2026, as the May Patch Tuesday cumulative security update for Windows 10 22H2 ESU systems, raising supported 22H2 machines to build 19045.7291 and adding new Secure Boot status reporting in the Windows Security app. The update is not a feature...

Microsoft disclosed CVE-2026-41097 on May 12, 2026, as an Important Secure Boot security feature bypass affecting supported Windows client and server releases, with required security updates available and Microsoft saying the issue is not publicly disclosed or exploited. The vulnerability is not...

Microsoft published KB5087594 on May 12, 2026 as a Safe OS Dynamic Update for Windows 11 version 23H2, tying another servicing package to the larger Secure Boot certificate rollover that begins affecting Windows devices in June 2026. The update itself is not a flashy feature release; it is...

Microsoft released KB5089593 on May 12, 2026, as a Safe OS Dynamic Update for Windows 11 versions 24H2 and 25H2, updating the Windows Recovery Environment while again warning that Secure Boot certificates used by most Windows devices begin expiring in June 2026. The smallness of the package is...