Microsoft’s Secure Boot Update: A New Era of Protection
In an unprecedented move, Microsoft is set to refresh the authentication system that safeguards Windows PCs from potential threats with each reboot. The Secure Boot certificates, which have been in place since 2011, are now on the verge of replacement. This significant update will commence this month, coinciding with April’s security patch rollout.
Initially, Microsoft indicated that users would be able to verify the successful installation of the update starting in April 2026. However, the company has since revised this guidance. The update and the accompanying status check may not be immediately visible on all devices, but Microsoft assures users that it will be deployed across PCs by the end of April 2026.
This update serves a dual purpose: it installs new certificates and confirms whether any user action is necessary. To check the status, users can navigate to Windows Security > Device security > Secure Boot. Here, a color-coded badge—green, yellow, or red—will indicate the current status of Secure Boot. A red badge signals that immediate attention is required.
According to Windows Latest, “Secure Boot certificates are essential for validating boot software. If these certificates expire, there is a risk of exposure to boot-level malware, such as bootkits, or unauthorized modifications.” While the timeline for the expiry of Secure Boot certificates has been available for some time, the implications have often been unclear to the average user.
Although integrating new security certificates into the standard monthly update seems like a prudent strategy, many users remain unaware of the process. For those who wish to verify whether the Secure Boot 2023 certificate is applied to their systems, Windows Latest suggests utilizing PowerShell commands or Event Viewer logs. However, this technical approach may not be familiar to the average user, which is why Microsoft is enhancing the visibility of Secure Boot certificate status within Windows Security.
For now, there is no need for alarm if the update has not yet appeared; the certificates will not expire for several more weeks. It is advisable to check and ensure your system is updated by the end of the month to avoid any last-minute rush. Should any action be required on your part, it’s wise to allocate sufficient time to address it.
Check your PC by the end of this month.
NurPhoto via Getty Images
By the end of April, users should expect to see the updated verification prominently displayed under the “Secure Boot” section within the ‘Device Security‘ tab of Windows Security. Microsoft elaborates that, “Previously, the Secure Boot and Device security icon badges and accompanying text guidance only reflected whether Secure Boot was enabled or disabled. Now, we’re enhancing the badges and text guidance to also show Secure Boot certificate update status.”