Windows Secure Boot is about to expire, what should users do to avoid security risks?
About three months ago, Microsoft published a blog post warning about the upcoming expiration of the Secure Boot certificate and explaining why it was important. Now, as the 'X' date approaches, the company has released a support document with more details.
What is Secure Boot?
Secure Boot was first introduced by Microsoft in 2011 to ensure that computers only boot using authenticated firmware and trusted bootloaders. It was later made a hardware requirement for Windows 11, along with the TPM (Trusted Platform Module), as part of an effort to improve system security.
The first Secure Boot certificates are valid for 15 years and will begin to expire in June 2026. When the certificate expires, Windows will not be able to install some important updates, leaving the system vulnerable to bootkits and other dangerous malware.
What should users do?
Updating certificates is not something most ordinary users are used to doing. Therefore, Microsoft has prepared a detailed FAQ section:
- Regular PC users: If you're using a PC and getting patches through Windows Update, you have nothing to worry about. Microsoft will automatically update the certificate in the background. This is also why you shouldn't leave Windows Update disabled for too long.
- Windows 10 users who don't upgrade to Windows 11: You'll need to join the Extended Security Updates (ESU) program to continue receiving new certificates. The only exception is Windows 10 LTSC/LTSB, which will still receive security updates after October 14, 2025.
- Unsupported versions of Windows will not receive new certificates.
Microsoft also notes that devices upgraded from Windows 10 LTSC to Windows 11 LTSC with Secure Boot disabled and an expired certificate will not automatically receive the new certificate. Users will have to follow the migration steps as instructed at that time to ensure their system has the 2023 certificate.
In addition, some PCs may fail to boot after the firmware is reset to its defaults. This is because the firmware defaults do not include the Windows UEFI CA 2023 certificate. The solution is to reapply the certificate using USB recovery, as detailed in Microsoft's support documentation.
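To see whether a given PC is exposed to the firmware-reset problem described above, the following added example (not code from Microsoft or from the original article) compares the active Secure Boot database with the firmware defaults using the built-in Get-SecureBootUEFI and Confirm-SecureBootUEFI cmdlets. The helper name and the result messages are assumptions of this example, and the substring search is only a presence check, not certificate validation.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI-booted PC.
$certName = 'Windows UEFI CA 2023'   # certificate name as given in the article

# Hypothetical helper: $true/$false if the variable could be read, $null if not.
function Test-SecureBootVariableContains {
    param(
        [Parameter(Mandatory)][string]$Name,     # UEFI variable: db or dbDefault
        [Parameter(Mandatory)][string]$Subject   # text to look for
    )
    try {
        $var = Get-SecureBootUEFI -Name $Name -ErrorAction Stop
    } catch {
        return $null   # not elevated, legacy BIOS boot, or variable not exposed
    }
    if ($null -eq $var -or $null -eq $var.Bytes) { return $null }
    # Presence check only: search the raw signature list for the subject text.
    # This does not parse the signature list or validate the certificate.
    $text = [System.Text.Encoding]::ASCII.GetString($var.Bytes)
    return $text.Contains($Subject)
}

try   { $enabled = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $enabled = $null }   # unsupported platform or insufficient rights

$inActive  = Test-SecureBootVariableContains -Name 'db'        -Subject $certName
$inDefault = Test-SecureBootVariableContains -Name 'dbDefault' -Subject $certName

$assessment = if ($null -eq $inActive) {
    'Could not read db; run elevated on a UEFI system.'
} elseif (-not $inActive) {
    'Certificate not in db yet; keep Windows Update enabled.'
} elseif ($null -eq $inDefault) {
    'Certificate in db; firmware defaults could not be read.'
} elseif ($inDefault) {
    'Certificate in db and in firmware defaults.'
} else {
    'Certificate in db only; a firmware reset to defaults would drop it.'
}

[pscustomobject]@{
    SecureBootEnabled = $enabled
    CertInActiveDb    = $inActive
    CertInDefaultDb   = $inDefault
    Assessment        = $assessment
}
```

A result of "Certificate in db only" marks a machine where the USB recovery procedure from Microsoft's support documentation should be on hand before anyone resets the firmware.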
You can find the full FAQ about the upcoming Secure Boot certificate expiration in Microsoft's official documentation.