Microsoft has added a Secure Boot status report to Windows Autopatch in the Intune admin center to help organizations identify Windows devices that have not received the 2023 UEFI Secure Boot certificates before legacy 2011 certificates begin expiring in June 2026. The move is less a cosmetic...
Microsoft’s June 2026 Patch Tuesday for Windows 11 is scheduled for June 9, bringing the usual security fixes alongside new user-facing features such as low-latency performance boosts, Shared Audio, richer NPU monitoring, setup-time user-folder naming, and Secure Boot certificate updates. The...
Microsoft’s June 2026 Secure Boot AMA focused on the enterprise fallout from expiring 2011-era Secure Boot certificates, warning that Windows fleets may keep booting after the deadline while silently losing access to future boot trust updates, revocation protections, and predictable...
Organizations preparing for the Secure Boot certificate rollover that begins in June 2026 should first inventory Secure Boot status, apply OEM firmware updates where needed, test Microsoft’s certificate deployment path, and treat older hardware and virtualized systems as validation risks rather...
Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...
bitlocker
certificate revocation
enterprise it
firmware trust
intune
intune management
intune monitoring
kb5094156
kek ca 2011
safe os dynamic update
securebootsecureboot certificates
uefi certificates
windows 11 23h2
windows it admin
windows security
The Windows 11 Installation Assistant is Microsoft’s upgrade tool for moving an existing Windows PC to Windows 11, but it succeeds only when the machine passes Microsoft’s compatibility checks, including x64 processor support, TPM 2.0, Secure Boot capability, licensing, storage, and setup...
Microsoft’s May 2026 Windows recap tells administrators that June will be dominated by Secure Boot certificate rollover work, default-on Windows hotpatching through Autopatch, new Intune-era management controls, and a fresh wave of Windows 11 features landing first through optional updates. The...
Microsoft released KB5092765 on May 26, 2026 as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, improving setup reliability while again warning that older Secure Boot certificates used by most Windows devices begin expiring in June 2026. The update itself is not the drama; the...
Microsoft is replacing the 2011 Secure Boot certificates used by many Windows PCs before they begin expiring in late June 2026, because machines that miss the update may keep running but lose future boot-level protections, malware revocation updates, and potentially compatibility with later...
Microsoft published KB5089592 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1 that refreshes the Windows Recovery Environment, replaces KB5089591, and arrives with a prominent warning about Secure Boot certificates beginning to expire in June 2026. That warning is the...
Microsoft released KB5096160 on May 26, 2026 as a Setup Dynamic Update for Windows 11 version 26H1, a narrowly scoped install-time package that refreshes setup components while repeating the company’s warning that Secure Boot certificates begin expiring in June 2026. The update is not the story...
Microsoft released KB5092765 on May 26, 2026, as a Setup Dynamic Update for Windows 11 versions 24H2 and 25H2, improving setup components while repeating its warning that Secure Boot certificates on most Windows devices begin expiring in June 2026 worldwide. The update itself is small, almost...
Microsoft published KB5089592 on May 26, 2026, as a Safe OS Dynamic Update for Windows 11 version 26H1, while again warning that Secure Boot certificates used by most Windows devices begin expiring in June 2026. The update itself is narrow, but the timing is not. Microsoft is using the machinery...
Microsoft released KB5089573 on May 26, 2026, as the optional non-security preview update for Windows 11 version 25H2 and 24H2, moving supported systems to OS builds 26200.8524 and 26100.8524 while also documenting a lingering installation failure tied to May’s earlier KB5089549 update. The...
cpu boost
cpu frequency boost
efi system partition
it admin guidance
kb5089573
kb5089573 kb5089570
kb5089573 preview
kb5089573 update
known issue rollback
low latency profile
optional preview update
optional updates
performance optimization
performance tuning
performance tweaks
performance update
preview update
secureboot
security updates
system performance
task manager npu
update failures 0x800f0922
week d preview
windows 11
windows 11 25h2 24h2
windows 11 preview
windows 11 servicing
windows 11 updates
windows servicing
windows update
windows update error 0x800f0922
windows update errors
windows update failure
Microsoft released KB5096160 on May 26, 2026, as a Setup Dynamic Update for Windows 11 version 26H1 that refreshes setup-related files for feature updates and repeats Microsoft’s warning that aging Secure Boot certificates begin expiring in June 2026. That pairing is the story: a routine-looking...
Microsoft released KB5089570 on May 26, 2026, as a preview cumulative update for Windows 11 version 26H1, moving supported systems to OS Build 28000.2179 and delivering non-security fixes, staged feature rollouts, servicing-stack changes, and Copilot+ PC AI component updates. The surface story...
Microsoft’s original 2011 Secure Boot certificates for Windows PCs begin expiring in June 2026, and Microsoft is rolling out 2023 replacement certificates through Windows Update so supported UEFI systems can keep validating trusted boot software without losing future early-boot security...
Microsoft’s original Windows Secure Boot certificates, issued in 2011 and embedded across years of PCs, begin expiring in June 2026, forcing Microsoft, OEMs, administrators, and some users to move devices to newer 2023 certificate authorities before boot-level security protections fall behind...
Microsoft will begin running into the first expirations of its original 2011 Secure Boot certificate chain in June 2026, forcing Windows PCs, servers, recovery media, and firmware ecosystems to move to newer 2023 certificates through a staged Windows Update process. The practical sign for many...
Microsoft is warning Windows 11 users and IT administrators in May 2026 to update Secure Boot certificates before 2011-era Microsoft certificates begin expiring in June 2026, with additional expirations stretching into October, so supported PCs can keep receiving boot-level security protections...