certificates Archives

Winsage

April 13, 2026

Microsoft tightens Windows 11 driver security rules

Microsoft will enforce a new mandate requiring all hardware drivers to comply with the Windows Hardware Compatibility Program (WHCP) standards starting April 1, 2026. This change will eliminate the "cross-signing" system that allowed older drivers with expired certificates to remain trusted. The enforcement of WHCP certification will apply to various versions of Windows 11 and Windows Server 2025. Users may face blocks when installing older drivers on new systems, but existing installations will not be immediately disrupted. Microsoft plans to introduce an "allow list" for vetted legacy drivers to ensure essential equipment remains operational during the transition. The initial rollout will occur in "evaluation mode," allowing Microsoft to monitor driver behavior without blocking software. For corporate environments, Microsoft offers "Application Control for Business" to allow specific software while maintaining security measures.

Winsage

April 11, 2026

Announcing Windows 11 Insider Preview Build for Canary Channel 29565.1000

Windows Insider Preview Build 29565.1000 has been released in the Windows 11 Insider Canary Channel. Key updates include improved performance for the Bubbles screensaver on high refresh rate monitors, refinements to the drag tray based on user feedback, and enhancements to the Windows Security app, which now features color-coded icon badges for Secure Boot status. The Feedback Hub has also received updates, including a new default window size that remembers dimensions, mouse back button navigation, and improved visibility for community feedback. Canary Channel builds may be unstable and are subject to change. Users can enable a toggle in Settings to access new features gradually. A clean installation of Windows 11 is required to exit the Canary Channel.

Winsage

April 11, 2026

Announcing Windows 11 Insider Preview Build 26220.8165 (Beta Channel)

Windows 11 Insider Preview Build 26220.8165 (KB 5083635) has been released to the Beta Channel, featuring several updates: - The FAT32 volume formatting size limit has increased from 32GB to 2TB. - Performance improvements for navigating large volumes in Storage settings. - Reduced frequency of UAC prompts on the Storage page. - Resolution of unrealistic data usage values in Network settings. - Enhancements to the Windows Security app's Secure Boot experience, including color-coded icon badges and updated certificates. - A revamped Feedback Hub with a modernized experience, simpler feedback submission, easier navigation, a new compliment feedback type, and improved screenshot capture tools. - Updates are based on Windows 11, version 25H2, and features are gradually rolled out using Controlled Feature Rollout technology. - A desktop watermark appears in Insider pre-release builds. - Features may not be released beyond Windows Insiders and may evolve or be removed.

Winsage

April 11, 2026

Announcing Windows 11 Insider Preview Build 26300.8170 (Dev Channel)

Windows 11 Insider Preview Build 26300.8170 (KB 5083632) has been released to the Dev Channel. Key changes include: - The FAT32 volume formatting size limit has increased from 32GB to 2TB. - Performance improvements for navigating large storage volumes in Settings. - A UAC prompt for accessing temporary files is now only shown when entering that specific section. - An issue with unrealistic data usage values in the Network settings has been fixed. - Enhancements to the Windows Security app include color-coded icon badges and updated text in the Secure Boot section, with updates to Secure Boot certificates being rolled out. - Feedback Hub version 2.2604.101.0 is being rolled out, featuring design improvements, improved default window size, mouse back button navigation, and corrected upvote buttons for Chinese display language users. Updates are based on Windows 11, version 25H2, and features are rolled out using Controlled Feature Rollout technology. The desktop watermark is present in Insider pre-release builds. Features may not be released to the public and could evolve or be removed based on feedback.

Winsage

April 9, 2026

Google’s New $3 USB Kit Converts Old Windows 10 PCs to ChromeOS Flex Machines

Google, in collaboration with Back Market, has launched a USB kit for installing ChromeOS Flex on aging Windows 10 PCs for a fee. This kit simplifies the installation process, allowing users to replace their existing Windows system easily. ChromeOS Flex is compatible with various PCs and some Macs, focusing on cloud-based tasks and supporting browser-based and Android applications only. A study indicated that ChromeOS consumes 19% less energy than similar systems. For every USB drive produced, an equivalent weight of electronic waste is recycled. Google plans to provide software updates for Chromebooks for 10 years and for Pixel phones for 7 years. Windows 10 support will end in October 2025, with Microsoft offering a free extended security update until October 2026. Approximately 32% of the market still uses Windows 10, with 121 million enterprise devices estimated to be operating on it. The ChromeOS Flex USB Kit is considered a pilot program, with potential for increased production based on demand.

Winsage

April 7, 2026

Windows 11 is phasing out old kernel drivers: Microsoft will permanently end cross-signing in April

On March 26, 2026, Microsoft announced that starting with the April security update, it will eliminate trust in kernel drivers from the previous Cross-Signed Program for Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. Only drivers that have passed the Windows Hardware Compatibility Program (WHCP) or are on Microsoft's allow list will be allowed to load by default. This change aims to enhance security by establishing a robust chain of trust and addressing vulnerabilities associated with old kernel drivers. Users of older hardware that rely on specialized drivers may face challenges, as drivers not WHCP-signed or explicitly allowed will be excluded from the trusted zone.

Winsage

April 2, 2026

Microsoft Provides a Secure Boot Certificate Update

Microsoft will roll out new Secure Boot certificates starting in April 2026, allowing users to access and understand their Secure Boot certificate status through the Windows Security app. This feature will be found under the Device security section in the Secure Boot area. Users with PCs manufactured in 2024 or later will have the necessary certificates, while older models will receive updates via Windows Update. The Windows Security app will use a color-coded system to indicate certificate status: a green check box for up-to-date certificates, a yellow bang for safety recommendations, and a red stop icon for critical issues. Further enhancements, including notifications and in-app guidance, will be introduced in May. Resources for IT administrators are available on Microsoft Support.

Winsage

April 2, 2026

Windows Security App Gains Secure Boot Certificate Status Ahead of Major Certificate Refresh

The Secure Boot certificates used by the Unified Extensible Firmware Interface (UEFI) on Windows PCs will expire in late June 2026. Microsoft is rolling out updated certificates through Windows Update to ensure user protection. Starting in April 2026, users can check their device's status in the Windows Security app, which will feature a color-coded badge system: - Green Checkmark: New certificates are installed, no action needed. - Yellow Caution Badge: Update pending or blocked due to hardware/firmware issues (expected in May 2026). - Red Stop Icon: Alerts users that older certificates are expiring, potentially preventing essential boot-level security updates (may appear as early as June 2026). The status will also be indicated in the Windows Security system tray icon. Most users will have a seamless update process by keeping Windows Update enabled, with devices from 2025 and many from 2024 covered. Older machines will receive updates gradually, guided by major OEMs. Microsoft advises against ignoring yellow or red warnings, as devices without updated certificates may be vulnerable to security threats and incompatible with future Windows updates. A support resource is available at aka.ms/getsecureboot.

Winsage

March 31, 2026

Microsoft’s April 2026 Windows Update Ends Trust for Cross-Signed Kernel Drivers

Microsoft will eliminate default trust for kernel drivers signed through the outdated cross-signed root program with the April 2026 Windows update. All new kernel drivers must be certified via the Windows Hardware Compatibility Program (WHCP). This change will affect Windows 11 builds 24H2, 25H2, and 26H1, as well as Windows Server 2025, with future versions following the same standards. The update will begin in evaluation mode, monitoring driver loads for compliance before transitioning to enforcement mode. An allow list of reputable drivers will be maintained for legacy hardware, and enterprises can use Application Control for Business policies to authorize specific drivers. Users with older hardware may face compatibility issues if their drivers are not WHCP-certified.

Winsage

March 28, 2026

Update Windows 11 will block Denuvo hacking via Hypervisor

Microsoft has confirmed a major kernel security update for Windows 11, revoking trust in older drivers signed through an outdated cross-certification program. The update will ensure that Windows 11 accepts only software that has passed the Windows Hardware Compatibility Program's testing standards. This change aims to counter piracy attempts, particularly against a hacker known as DenuvOwOA, who bypassed Denuvo's anti-piracy protection by manipulating the embedded hypervisor and loading unsigned or vulnerable drivers. The new security policy will block the execution of such code, making existing hacking methods obsolete. The rollout will begin in compatibility assessment mode for Windows 11 and Windows Server & Hosting, with a hard block activated only if no stability issues are detected. Corporate clients can manually add certificates through the Application Control for business tool, while gamers will find it increasingly difficult to run hacked games relying on a modified hypervisor.