Microsoft has clarified what will happen to Windows 11 PCs if Secure Boot certificates are not updated before they expire in June 2026.
Secure Boot is a security standard developed by the PC industry. It ensures a device boots only with software trusted by the original equipment manufacturer (OEM).
Every time a PC starts, the firmware checks the cryptographic signature of each boot component, including those tied to certificates issued in 2011. Only after those checks pass is the Windows Boot Manager allowed to load.
When the existing Secure Boot certificates expire, millions of Windows PCs could be affected. In some cases, systems may become less secure. In more extreme scenarios, they could fail to boot properly.
To prevent this, Microsoft has begun rolling out new certificates.
New Secure Boot certificates
The delivery of the new 2023 Secure Boot certificates is not a simple update, as they directly interact with the UEFI hardware on your computer’s motherboard.
“Microsoft must transfer the new 2023 certificates into the firmware, replace the boot manager with a version signed using the new keys, and finally revoke trust in the old certificates,” Windows Latest explains.
To explain the consequences, Microsoft organized a Q&A session with Principal Security Engineer Arden White, Principal Software Architect Scott Shell, and Group Engineering Manager Richard Powell. Windows Latest took part in the session and summarized the findings. According to their report, the consequences for Windows PCs with outdated or expired Secure Boot certificates can be summarized as follows:
“If you ignore the Secure Boot certificate deadline in June 2026, your Windows 11 PCs would likely still start and run normally, but system security may be permanently compromised as Microsoft will no longer provide boot-critical updates and malware blacklists (DBX blocklists). You can check the Secure Boot status in the Windows Security app.”
If you haven’t installed the new Secure Boot certificate, your PC won’t be able to run the latest Windows Boot Manager. Consequently, Microsoft would no longer provide security updates for boot-critical binaries. In addition, your system may no longer receive new DBX blacklists, potentially leaving you exposed to future bootkit malware. You may also find that future Windows feature updates are no longer installable.
Things to keep in mind
Very old computers that still rely on BIOS rather than UEFI are generally not affected by this issue and will not receive the update. Microsoft also notes that it is normal for Windows PCs to restart several times during the installation of new Secure Boot certificates. Existing BitLocker encryption does not need to be disabled.
The new 2023 Secure Boot certificates are valid through 2038.
How to check the status of your Windows PC
In Windows Settings, go to Privacy & Security > Windows Security > Device Security to check your Secure Boot status. If you see a green circle with a white checkmark under “Secure Boot,” everything is fine. Your PC is ready for the June 2026 deadline.
If you see a yellow or red warning instead, you should read the further information provided.
This article is written by: Nermeen Nabil Khear Abdelmalak