secure boot

Microsoft has begun a coordinated refresh of the Secure Boot certificates that underpin Windows’ pre‑boot trust model, and the change will accelerate through March as Microsoft, OEMs and IT teams push a staged, telemetry‑gated rollout to keep devices secure before the legacy certificates begin...

Microsoft has quietly begun a coordinated refresh of the Secure Boot certificate chain that underpins modern Windows platform security, rolling new 2023-era certificate authorities into firmware and Windows updates so devices running Windows 10 and Windows 11 can continue to trust and receive...

Microsoft and the PC ecosystem are executing a quiet—but urgent—“generational refresh” of the cryptographic anchors that protect the very first code your PC runs, replacing Secure Boot certificates issued in 2011 with a new 2023 certificate family so billions of Windows PCs can keep receiving...

If your PC boots with Secure Boot turned on, there’s a maintenance deadline this year: the Microsoft-supplied Secure Boot certificates that have guarded Windows startup since 2011 are being replaced, and some of those original certificates begin expiring in June 2026 (with the remaining ones set...

Microsoft is rolling out a coordinated refresh of the Secure Boot certificates that have anchored Windows boot security since 2011, and if you run Windows on older hardware you should treat this as a time‑sensitive maintenance event: new 2023 certificate authorities will be injected through...

Microsoft’s warning that some Windows PCs will enter a “degraded security state” unless they receive updated Secure Boot certificates is not marketing fearmongering — it’s a technical deadline with practical consequences, and it demands action now from IT teams and home users alike. Background...

Microsoft and PC OEMs are coordinating a broad, time‑sensitive replacement of the Secure Boot certificates first deployed in 2011 — the original Microsoft UEFI/KEK/PCA certificates begin expiring in June 2026 (with a remaining production PCA following later in 2026). Microsoft has issued a...

Microsoft’s February 10, 2026 cumulative updates for Windows 11 quietly carried more than routine security fixes — they continued a staged rollout that will refresh the operating system’s Secure Boot certificate chain ahead of a looming expiry window that begins in June 2026. What looks like a...

Microsoft has quietly begun a coordinated refresh of the cryptographic anchors that underpin Secure Boot on Windows PCs, pushing replacement certificate authorities into firmware and the operating system to avoid a calendar-driven degradation of boot-level trust when Microsoft-issued...

Microsoft has issued a blunt, time‑bound warning: several long‑lived Secure Boot certificates provisioned around 2011 will begin to expire in mid‑2026, and devices that do not transition to Microsoft’s replacement certificate family risk losing the ability to receive security fixes and trust...

Microsoft and OEMs are rolling out a coordinated certificate refresh to replace Microsoft’s long‑lived Secure Boot certificates issued in 2011 — and if your Windows 11 PC doesn’t receive the new certificates before the 2011 keys begin expiring in June 2026 (with additional expiries through...

Microsoft has warned that several long‑lived Secure Boot certificate authorities that Windows and many OEM firmwares depend on will begin to expire in June 2026 (with a final boot‑signing PCA following in October 2026), and Microsoft — together with major OEMs — is actively rolling a replacement...

Microsoft’s February 10, 2026 cumulative update, KB5075941 (OS Build 22631.6649), is notable less for the routine security and stability fixes it delivers than for the way it ties into a looming platform-wide event: the scheduled expiration of Microsoft’s Secure Boot certificates that begins in...

Microsoft published KB5077178 on February 10, 2026 — a Safe OS Dynamic Update that refreshes the Windows Recovery Environment (WinRE) for Windows 11, version 26H1, and it carries two operationally important declarations: the updated WinRE image should report version 10.0.28000.1574 after...

Microsoft is preparing a quiet but critical update to the foundation of Windows platform security: the Secure Boot certificates that firmware uses to validate every component that runs before the operating system. Those original Microsoft certificates issued in 2011 begin to expire in mid‑2026...

Secure Boot’s root certificates are getting a generational refresh — and the Windows ecosystem is executing one of the largest coordinated certificate rollouts in recent memory to ensure PCs keep a trusted boot chain well past June 2026. This update is not an optional security nicety: it...

Microsoft’s warning is short and stark: the Secure Boot certificates that have protected Windows boot chains since 2011 begin expiring in mid‑2026, and while most PCs will receive replacement certificates automatically, a significant minority of systems — especially managed, offline, or...

If you own a Windows PC made since 2011, your machine is part of a global certificate rollover that must complete before critical Secure Boot certificates begin expiring in mid‑2026 — and there are simple checks and concrete steps you can take today to confirm your system is ready. Background...

Microsoft and the PC industry have quietly opened a narrow but critical window to prevent a pre‑OS security gap this year: Windows will start rolling replacement Secure Boot certificates into device firmware via staged OS updates, while Microsoft is simultaneously intensifying its public push...

Microsoft is quietly rolling out a coordinated update to refresh long‑lived Secure Boot certificates because a set of Microsoft‑issued UEFI certificates from 2011 will begin expiring in 2026 — and systems that don’t receive the replacement “2023” certificate family beforehand risk losing the...