New Windows updates replace expiring Secure Boot certificates
BleepingComputer • • technology
Key Points:
- Microsoft has begun automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems to maintain secure boot functionality.
- Secure Boot prevents malicious software from loading during system startup by verifying digital signatures against trusted certificates stored in device firmware.
- Certificates used by most Windows devices will start expiring in June 2026, potentially affecting secure boot if not updated in time, prompting Microsoft to include new certificates in Windows quality updates.
- IT administrators are urged to install new certificates before the old ones expire to avoid losing Secure Boot protections and security updates for pre-boot components.
- Besides automatic updates via Windows Update, organizations can deploy Secure Boot certificates manually using registry keys, Windows Configuration System, and
