secure boot

Microsoft has quietly begun a coordinated refresh of the cryptographic anchors that underpin Secure Boot on Windows PCs, pushing replacement certificate authorities into firmware and the operating system to avoid a calendar-driven degradation of boot-level trust when Microsoft-issued...

Microsoft has issued a blunt, time‑bound warning: several long‑lived Secure Boot certificates provisioned around 2011 will begin to expire in mid‑2026, and devices that do not transition to Microsoft’s replacement certificate family risk losing the ability to receive security fixes and trust...

Microsoft and OEMs are rolling out a coordinated certificate refresh to replace Microsoft’s long‑lived Secure Boot certificates issued in 2011 — and if your Windows 11 PC doesn’t receive the new certificates before the 2011 keys begin expiring in June 2026 (with additional expiries through...

Microsoft has warned that several long‑lived Secure Boot certificate authorities that Windows and many OEM firmwares depend on will begin to expire in June 2026 (with a final boot‑signing PCA following in October 2026), and Microsoft — together with major OEMs — is actively rolling a replacement...

Microsoft’s February 10, 2026 cumulative update, KB5075941 (OS Build 22631.6649), is notable less for the routine security and stability fixes it delivers than for the way it ties into a looming platform-wide event: the scheduled expiration of Microsoft’s Secure Boot certificates that begins in...

Microsoft published KB5077178 on February 10, 2026 — a Safe OS Dynamic Update that refreshes the Windows Recovery Environment (WinRE) for Windows 11, version 26H1, and it carries two operationally important declarations: the updated WinRE image should report version 10.0.28000.1574 after...

Microsoft is preparing a quiet but critical update to the foundation of Windows platform security: the Secure Boot certificates that firmware uses to validate every component that runs before the operating system. Those original Microsoft certificates issued in 2011 begin to expire in mid‑2026...

Secure Boot’s root certificates are getting a generational refresh — and the Windows ecosystem is executing one of the largest coordinated certificate rollouts in recent memory to ensure PCs keep a trusted boot chain well past June 2026. This update is not an optional security nicety: it...

Microsoft’s warning is short and stark: the Secure Boot certificates that have protected Windows boot chains since 2011 begin expiring in mid‑2026, and while most PCs will receive replacement certificates automatically, a significant minority of systems — especially managed, offline, or...

If you own a Windows PC made since 2011, your machine is part of a global certificate rollover that must complete before critical Secure Boot certificates begin expiring in mid‑2026 — and there are simple checks and concrete steps you can take today to confirm your system is ready. Background...

Microsoft and the PC industry have quietly opened a narrow but critical window to prevent a pre‑OS security gap this year: Windows will start rolling replacement Secure Boot certificates into device firmware via staged OS updates, while Microsoft is simultaneously intensifying its public push...

Microsoft is quietly rolling out a coordinated update to refresh long‑lived Secure Boot certificates because a set of Microsoft‑issued UEFI certificates from 2011 will begin expiring in 2026 — and systems that don’t receive the replacement “2023” certificate family beforehand risk losing the...

Microsofts Warnung vor ablaufenden Secure‑Boot‑Zertifikaten ist kein bloßes Wartungsthema — sie betrifft die Grundlage dessen, wie moderne Windows‑PCs und viele Sicherheits‑Ökosysteme das System‑Startverhalten verifizieren. Microsoft hat dokumentiert, dass mehrere Microsoft‑ausgestellte...

Microsoft’s KB5074110, published on January 29, 2026, is a targeted Setup Dynamic Update for Windows 11, versions 24H2 and 25H2 (and Windows Server 2025) that refreshes the tiny but critical Setup runtime and related binaries used during feature upgrades, media-based installs, and recovery...

Microsoft has quietly given IT teams a new lever: a built‑in Secure Boot status report in the Intune / Windows Autopatch admin surface that lets administrators see, at device granularity, which endpoints have Secure Boot enabled, which are already carrying Microsoft’s replacement Secure Boot...

Microsoft’s management toolchain now surfaces Secure Boot readiness and certificate status inside Intune, giving IT teams a single-pane view and control points to manage the platform-level certificate rotation required before Microsoft’s legacy Secure Boot CAs begin to expire in 2026. This...

IT administrators now have practical, fleet-scale ways to check whether Windows devices are carrying the updated Secure Boot certificate chain and whether they’re ready to accept the upcoming Secure Boot updates — a crucial capability as Microsoft and OEMs rotate the platform’s cryptographic...

Microsoft’s latest round of security hardening is not subtle: it changes core authentication flows, removes long‑standing legacy protocols, and tightens boot and installer behavior in ways that are already breaking devices, apps, and fleet workflows in the wild. These updates are deliberate and...

Microsoft’s long-lived Secure Boot certificates issued around 2011 are scheduled to begin expiring in mid‑2026, and the operating-system and firmware ecosystem is in active, coordinated motion to replace those keys with a new “2023” certificate family to avoid a calendar-driven break in Secure...

Microsoft has begun a coordinated, multi-year hardening of Windows that moves long-standing behaviors—particularly around Kerberos/PAC validation, Netlogon, and Secure Boot certificates—into a stricter, enforcement-first posture, and IT teams must act now to avoid authentication outages, boot...