Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Microsoft is automatically replacing boot-level security certificates on Windows devices before they expire later this year. The new Secure Boot certificates will be rolled out as part of regular updates to the Windows platform, according to Microsoft Advertising Blogrepresenting a “generational update” to the security standard.
Secure Boot was introduced in 2011 to protect systems from any unauthorized changes during the boot process, and later became a requirement for Windows 11 devices. After 15 years, 2011 Secure Boot certificates are now scheduled to expire between June 2026 and October 2026. A new set of certificates was issued in 2023 and has already shipped with many new Windows-based devices sold since 2024, but older computers will need to be updated.
“As cryptographic security evolves, certificates and keys must be updated periodically to maintain strong protection,” Microsoft’s Nuno Costa said in the announcement blog. “Removing old certificates and introducing new ones is a standard industry practice that helps prevent old credentials from becoming a vulnerability and keeps platforms consistent with modern security expectations.”
While computers will “continue to function normally” based on an expired certificate, they will enter a “degraded security state” that may limit boot-level security updates in the future, and may experience compatibility issues with future hardware or software, Costa says. New Secure Boot certificates began rolling out with Windows 11 update KB5074109 last month.
The new certificates will install automatically and require no additional action for the vast majority of Windows 11 users. Microsoft says that some specialized systems such as server or IoT devices may follow different update processes, and that a separate firmware update from third-party manufacturers may be required for “a small portion of devices.” Check the OEM support pages for more information. Windows 10 users will also need to register with Microsoft Extended security updates To receive new certificates.