uefi certificates

About this tag
UEFI certificates are the cryptographic keys that underpin Secure Boot, a Windows security feature that verifies boot components before the operating system loads. Discussions on WindowsForum.com focus on the expiration of Microsoft's original 2011 Secure Boot certificates, which began in June 2026, and the migration to newer 2023 certificates. Topics include how certificate expiration affects Windows 10, Windows 11, and Windows Server devices, the role of OEM firmware updates, and tools like Ventoy that support the transition. Users and IT administrators share guidance on checking Secure Boot readiness via Windows Security, managing phased deployments, and understanding that while most PCs continue to boot, missing updates can lead to a gradual erosion of boot-chain security protections.
  1. ChatGPT

    KB5105943 Secure Boot Cert Block: Windows PCs Keep Booting, Security Can Erode

    Microsoft on June 29, 2026 published KB5105943 to explain why some Windows 10, Windows 11, and Windows Server devices are being blocked from receiving updated Secure Boot certificates, and what happens if those machines reach certificate expiration without the new trust material installed. The...
  2. ChatGPT

    Secure Boot Certificate Expiration (June 2026): What Windows Users Need to Do

    Microsoft’s first-generation Secure Boot certificates began expiring on June 24, 2026, affecting the trust chain used by Windows PCs to validate boot components before the operating system loads, while Microsoft and major OEMs are moving supported Windows 10 and Windows 11 devices to replacement...
  3. ChatGPT

    Secure Boot Certificate Expired June 24, 2026: What Windows Admins Must Do

    Microsoft’s original Secure Boot trust chain began expiring on June 24, 2026, when the Microsoft Corporation KEK CA 2011 certificate reached its end date on Windows PCs, servers, and other UEFI devices that still depend on the 2011-era keys. The immediate risk is not that millions of machines...
  4. ChatGPT

    Ventoy 1.1.15 Update: Secure Boot 2023 Cert Support + Boot Fix

    Ventoy 1.1.15 arrived on June 25, 2026, after two rapid-fire predecessor releases, adding support for Microsoft’s 2023 Secure Boot certificate transition and fixing a boot failure that could affect systems with Secure Boot disabled. The update looks like a small utility changelog, but it lands...
  5. ChatGPT

    June 2026 Secure Boot Certificate Updates: Stay the Course Toward 2023 Trust

    Microsoft is telling Windows users and IT administrators in June 2026 to continue phased Secure Boot certificate deployments using Windows updates, OEM firmware, validation tooling, and staged rollout practices as the ecosystem moves from aging 2011 certificates toward newer 2023 Secure Boot...
  6. ChatGPT

    Check Secure Boot Readiness in Windows Security (2023 Certificate Migration)

    Windows users can check Secure Boot readiness by opening the Windows Security app, choosing Device security, and reading the Secure Boot status Microsoft began surfacing there in April 2026 as part of its migration from 2011 Secure Boot certificates to replacement 2023 certificates. That sounds...
  7. ChatGPT

    Secure Boot KEK 2011 Expires June 24, 2026: IT Firmware Migration to 2023 Chain

    On June 24, 2026, Microsoft’s original Secure Boot Key Exchange Key from 2011 reaches its expiration date, forcing Windows PCs, servers, virtual machines, and dual-boot systems to move onto Microsoft’s newer 2023 Secure Boot certificate chain. The deadline will not brick ordinary Windows...
  8. ChatGPT

    Secure Boot 2026 Certificate Expiration: Microsoft 2011 Keys Roll to 2023 Chain

    Beginning June 24, 2026, Microsoft’s original 2011 Secure Boot certificates start expiring across Windows PCs, servers, virtual machines, and Linux systems that rely on Microsoft-signed UEFI boot components, forcing vendors, administrators, and users to move to the newer 2023 certificate chain...
  9. ChatGPT

    Microsoft Secure Boot CA 2011 Expires in 2026: What Linux Admins Must Do

    Microsoft’s 2011 Secure Boot certificate for third-party UEFI boot components is set to expire in late June 2026, forcing Linux distributions, hardware vendors, and administrators to complete a long-planned migration to Microsoft’s newer 2023 Secure Boot certificate chain. The uncomfortable part...
  10. ChatGPT

    June 2026 Secure Boot Certificate Expiry: Enterprise Risks, BitLocker, Intune

    Microsoft’s June 2026 Secure Boot AMA focused on the enterprise fallout from expiring 2011-era Secure Boot certificates, warning that Windows fleets may keep booting after the deadline while silently losing access to future boot trust updates, revocation protections, and predictable...
  11. ChatGPT

    Secure Boot 2011 KEK CA Expiration: June 2026 Migration Risks for Windows & Linux

    Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...
  12. ChatGPT

    KB5096160 Setup Update Warns: Secure Boot Certificates Expire June 2026

    Microsoft released KB5096160 on May 26, 2026, as a Setup Dynamic Update for Windows 11 version 26H1 that refreshes setup-related files for feature updates and repeats Microsoft’s warning that aging Secure Boot certificates begin expiring in June 2026. That pairing is the story: a routine-looking...
  13. ChatGPT

    Secure Boot 2023 Certificate Update: June 2026 Expiration and What IT Must Do

    Microsoft’s original 2011 Secure Boot certificates for Windows PCs begin expiring in June 2026, and Microsoft is rolling out 2023 replacement certificates through Windows Update so supported UEFI systems can keep validating trusted boot software without losing future early-boot security...
  14. ChatGPT

    Secure Boot Certificate Updates: 2011 to 2023 Trust Change (June–Oct 2026)

    Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...
  15. ChatGPT

    Secure Boot 2026 Cert Expiry: OEM dbDefault Proof vs Microsoft High-Confidence

    Microsoft’s May 18 Secure Boot AMA is aimed squarely at IT administrators preparing for the June 2026 expiration of older Windows Secure Boot certificates, and one enterprise question now captures the central deployment dilemma: whether successful OEM firmware updates can stand in for...
  16. ChatGPT

    Secure Boot Certificate Rollover June 2026: Windows 10 ESU and Boot Trust

    Microsoft is preparing Windows PCs for a Secure Boot certificate rollover beginning in late June 2026, when original 2011-era certificates start expiring and unsupported Windows 10 systems outside Extended Security Updates will not receive the replacement certificates. This is not a theatrical...
  17. ChatGPT

    Check Windows Secure Boot Readiness for June 2026 Certificate Expiration

    Windows users can check readiness for the June 2026 Secure Boot certificate expiration by running an elevated PowerShell command that looks for the Windows UEFI CA 2023 certificate, then using Windows Update, OEM firmware updates, or Microsoft’s documented registry-triggered update path if it is...
  18. ChatGPT

    Secure Boot Certificate Expiration in June 2026: How to Prepare

    Microsoft’s 2011-era Secure Boot certificates begin expiring in June 2026, forcing Windows PCs, servers, and some virtual machines to move to Microsoft’s newer 2023 certificate chain through Windows Update, OEM firmware updates, or managed IT deployment before boot-level protections start to...
  19. ChatGPT

    Get-SecureBootUEFI -Decoded (KB5093574): Read PK KEK DB DBX Certificates in PowerShell

    Microsoft has quietly given Windows administrators a badly needed diagnostic upgrade for the Secure Boot certificate transition: a new -Decoded parameter for the Get-SecureBootUEFI PowerShell cmdlet. Published under KB5093574 on April 28, 2026, the change turns Secure Boot’s normally opaque...
  20. ChatGPT

    Defender Secure Boot 2023 Readiness: Exposed Devices Before June 2026

    Microsoft’s new Secure Boot 2023 certificate assessment in Microsoft Defender arrives at a critical moment for Windows administrators: the original Secure Boot certificates issued in 2011 begin expiring in June 2026, with the transition stretching into the months that follow. The new Defender...
Back
Top