BIOS update

Winsage
June 29, 2026
Major PC manufacturers, including HP, Dell, ASUS, Lenovo, MSI, Acer, Samsung, LG, and Microsoft’s Surface division, have provided guidance on transitioning to new Secure Boot certificates as the expiration of Microsoft’s 2011 certificates approaches. The expiration will occur in three phases: Microsoft Corporation KEK CA 2011 expired on June 24, 2026; Microsoft UEFI CA 2011 expired on June 27, 2026; and Microsoft Windows Production PCA 2011 is set to expire on October 19, 2026. Microsoft has begun rolling out replacement certificates through Windows Update, contingent on OEMs providing compatible BIOS updates. ASUS offers detailed documentation for both consumer and commercial devices, confirming that most users will receive updates automatically. Lenovo provides direct download links for BIOS updates organized by product family and specifies which products will not receive updates. Dell's support article covers its entire product lineup, noting that devices with an End of Service Life before January 1, 2026, will not receive updates. HP outlines a dual-track approach for updates, with specific timelines for commercial PCs. Microsoft's Surface devices receive updates directly from Microsoft, while MSI categorizes guidance based on processor generation for its laptops. Acer emphasizes backing up the BitLocker recovery key and provides a model table for confirmed BIOS release dates. Samsung confirms that all PCs running Windows 10 or 11 will function normally post-expiration, but security updates will cease. LG has released a guide for checking BIOS updates for its PCs. To verify if a PC has the 2023 certificates, users can check the Secure Boot section in Windows Security. A green checkmark indicates successful application, while yellow or red icons indicate pending updates or incompatibility. Microsoft has pushed the certificates to all eligible devices as of June 2026.
Winsage
June 21, 2026
The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Winsage
June 9, 2026
Dell users reported issues with Dell SupportAssist causing system crashes, blue screens, and reboot loops on Windows 11. Dell stated the problems were not due to Microsoft's operating system and initially recommended uninstalling the software. An expert suggested disabling the service as an alternative. Dell later confirmed that Remediation Dell SupportAssist (version 5.5.16.0) and Alienware SupportAssist can trigger blue screen errors and reboot loops on Windows 11. HP also faced issues with a BIOS bug causing high-end Windows 11 PCs to get stuck in a BitLocker recovery loop, advising users to disable automatic updates while they worked on a fix.
Winsage
May 26, 2026
HP laptop owners, especially those with EliteBooks, ProBooks, and ZBook workstations, are experiencing issues after a recent BIOS firmware update via Windows Update, leading to system freezes and Blue Screen of Death errors. HP has acknowledged the problem and is investigating it, noting that Microsoft’s 2023 certificates may not apply correctly during this issue. Users are advised to check the UEFICA2023Status and UEFICA2023Error registry values to assess the update process. If the UEFICA2023Status is "In Progress" for too long and UEFICA2023Error is greater than 0, the update has failed. HP recommends disabling automatic updates to avoid the problematic BIOS update and has provided a manual workaround for the BitLocker Recovery loop. Users can also revert to a stable BIOS version, though this may be challenging and may require specific hardware.
Winsage
May 14, 2026
Microsoft has released an update to Windows 11 version 26H1, OS Build 28000.2113, through cumulative update KB5089548 on May 12, 2026. This update includes essential security fixes and non-security enhancements from the previous month's optional preview. Windows 11 version 26H1 is specifically designed for new devices launching in early 2026 and will not be available as an in-place update for existing systems running versions 24H2 or 25H2. The update focuses on maintenance for this branch, with improvements in SSDP notifications and gaming compatibility. It also includes AI enhancements exclusive to Copilot+-enabled PCs. Microsoft continues to support versions 24H2 and 25H2 for enterprise deployments, while 26H1 is relevant only for new hardware platforms. Currently, there are no known issues reported for Windows 11 26H1 or update KB5089548.
Winsage
May 5, 2026
After the installation of the optional April 2026 update, users may experience multiple restarts of their PCs, which is normal due to the Secure Boot certificate refresh process. This behavior may also occur with future updates as Microsoft implements Secure Boot certificate refreshes. Windows updates typically require a single reboot, but significant feature updates or firmware and driver updates may necessitate two or three reboots. Many Windows devices manufactured before 2024 have outdated Secure Boot certificates that need updating, as these certificates will expire in June 2026. Microsoft began rolling out updated Secure Boot certificates in March, but this rollout is staggered. Users can check their PC's Secure Boot certificate status in Windows Security under "Device security." The status is indicated by colored icons: green (up to date), yellow (update pending), and red (action required). Older devices may face issues with the certificate refresh if they lack up-to-date firmware or compatible BIOS updates. If Windows reports an error, the device manufacturer is typically responsible for resolving it. Users should verify that Secure Boot certificates were installed correctly after updates to ensure continued secure booting beyond June.
Winsage
April 16, 2026
The FAT32 file system, historically limited to a 32GB partition size due to a design choice by Microsoft engineer Dave Plummer, can inherently support volumes up to 2TB with a 512-byte sector size and theoretically up to 16TB with 4KB sectors. While Windows maintained this 32GB limit, motherboard manufacturers had already developed firmware to utilize larger FAT32 drives. Tools like Rufus and GUIFormat were used to format high-capacity media, as Windows did not allow direct FAT32 formatting for drives larger than 32GB. However, with the introduction of Windows 11 Insider Preview Builds 26220.8165 and 26300.8170, users can now format large flash drives and external volumes as FAT32 directly from the Command Prompt without third-party software.
Search