Secure Boot Archives

Winsage

May 13, 2026

Microsoft releases Windows 10 KB5087544 extended security update

Microsoft has released the Windows 10 KB5087544 extended security update, which addresses vulnerabilities identified during the May 2026 Patch Tuesday and resolves issues related to Remote Desktop warnings. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via Settings under Windows Update. The update upgrades Windows 10 to build 19045.7291 and Windows 10 Enterprise LTSC 2021 to build 19044.7291. The update focuses on security enhancements and bug fixes, addressing 120 vulnerabilities. Key fixes include resolving incorrect Remote Desktop security warning dialogs in multi-monitor setups, introducing dynamic status reporting for Secure Boot, and adjusting Daylight Savings Time for Egypt. A known issue may require users to input their BitLocker recovery key after installation, affecting systems with specific BitLocker Group Policy configurations. Microsoft suggests removing the affected Group Policy setting and suspending and resuming BitLocker as a temporary solution.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

Winsage

May 10, 2026

‘One Time Restart’—Microsoft Changes Windows After 15 Years

Microsoft is implementing changes to Secure Boot certificates for Windows PCs, marking the first expiration since 2011. New certificates must be installed on all devices before a deadline in June. Users can check their status via the Windows Security App. The new certificates will be distributed through regular monthly security updates, with some users already receiving them in April and others expected to see changes in May. Following these updates, users may experience additional restarts on their PCs. The update applies only to PCs eligible for security updates, meaning many Windows 10 PCs will not receive the new certificates, potentially exposing them to risks. Affected users are advised to enroll in Microsoft’s Extended Security Update (ESU) program.

Winsage

May 9, 2026

‘Faster, Free’—Google Offers Windows Users A PC Upgrade

Microsoft's Secure Boot certificates, in use since 2011, will begin to expire in June, potentially leaving many Windows 10 users without essential updates. As Windows 10 approaches its end of support in October 2025, Microsoft is offering a complimentary year of extended support, which includes new Secure Boot certificates, but users must enroll to receive these updates. For those who do not enroll, Google offers a free upgrade option to ChromeOS Flex, which allows users to repurpose old laptops into efficient machines. ChromeOS Flex is lightweight, requires less hardware power, and provides regular security updates, making it a safer alternative to unsupported Windows systems. Google has made ChromeOS Flex available on a reusable USB stick, although it is often in short supply.

Winsage

May 6, 2026

Why are 25%+ gamers still using Windows 10 despite its EOL status?

A significant portion of gamers, over 25%, continues to use Windows 10 despite its end-of-life status declared on October 14, 2025. Reasons for this preference include: 1. Windows 10 has reached peak stability after years of updates, providing reliable performance. 2. It is compatible with older PCs, allowing gamers to use existing hardware without costly upgrades. 3. Windows 10 has fewer AI features, offering a streamlined experience preferred by many gamers. 4. Basic applications launch more swiftly in Windows 10 compared to Windows 11, enhancing performance. 5. Windows 10 has fewer ads and bloatware, resulting in a cleaner user interface. 6. Users can create a local account during setup in Windows 10, unlike the mandatory Microsoft account requirement in Windows 11. However, Windows 10 is no longer receiving security updates, which poses a risk as vulnerabilities may arise without patches.

Winsage

May 6, 2026

Microsoft’s new Windows Update approach could make restarts less annoying

Microsoft is transforming its Windows Update system to reduce user frustration and enhance the experience. The company aims to minimize disruption from updates, promoting a more predictable update rhythm and greater user autonomy. Key changes include a unified monthly restart cycle to avoid multiple restarts, simplified management of updates allowing users to start, stop, or pause updates easily, and the ability to restart or shut down devices without immediate installation of updates. New PCs will allow users to pause updates during the initial setup. However, updates can only be paused for a maximum of 35 days to ensure security and system stability. Additionally, users will receive alerts regarding critical updates, including warnings about the retirement of older Secure Boot certificates.

Winsage

May 6, 2026

Microsoft confirms why Windows 11 updates might be weird right now, and look like they’re failing — but it’s nothing to worry about

Microsoft has acknowledged that some Windows 11 updates may require multiple reboots, particularly those related to Secure Boot certificates, which are essential for system security. These updates aim to protect against malware, especially rootkits, and ensure the effective functioning of Secure Boot. Some users have faced difficulties in receiving the new certificates due to firmware issues, but multiple reboots typically indicate that necessary security enhancements are being applied.

Winsage

May 5, 2026

Microsoft confirms Windows 11 may restart multiple times after updates and your PC isn’t broken, as it’s due to Secure Boot 2023

Upon installing the April 2026 Patch Tuesday update, some users experienced two or three reboots, which Microsoft confirmed is intentional due to the installation of Secure Boot 2023 certificates. This behavior is expected for a limited number of devices and is part of the Secure Boot update process. The Secure Boot certificates are replacing older ones issued in 2011, set to expire in June 2026. Users can check their Secure Boot status in the Windows Security app, which indicates the status with green, yellow, or red badges. A green badge means the system is up to date, while yellow and red badges indicate issues with certificate updates. Microsoft is managing Secure Boot certificates on modern PCs, but older machines without OEM support may struggle to receive updates due to firmware limitations.

Winsage

May 5, 2026

Windows 11 restarts several times after a recent update? Don’t panic

After the installation of the optional April 2026 update, users may experience multiple restarts of their PCs, which is normal due to the Secure Boot certificate refresh process. This behavior may also occur with future updates as Microsoft implements Secure Boot certificate refreshes. Windows updates typically require a single reboot, but significant feature updates or firmware and driver updates may necessitate two or three reboots. Many Windows devices manufactured before 2024 have outdated Secure Boot certificates that need updating, as these certificates will expire in June 2026. Microsoft began rolling out updated Secure Boot certificates in March, but this rollout is staggered. Users can check their PC's Secure Boot certificate status in Windows Security under "Device security." The status is indicated by colored icons: green (up to date), yellow (update pending), and red (action required). Older devices may face issues with the certificate refresh if they lack up-to-date firmware or compatible BIOS updates. If Windows reports an error, the device manufacturer is typically responsible for resolving it. Users should verify that Secure Boot certificates were installed correctly after updates to ensure continued secure booting beyond June.

Winsage

May 3, 2026

Microsoft Defender Adds Dashboard for 2011 Secure Boot Certificates

Microsoft has introduced a feature in the Microsoft Defender dashboard to help IT managers identify devices using 2011 Secure Boot certificates, which expire in June of this year. The recommendation view categorizes devices into three groups: Exposed Devices (trust outdated certificates), Compliant Devices (use new 2023 certificates), and Not Applicable Devices (Secure Boot disabled or unsupported). The dashboard provides a centralized overview of device security status and the distribution of 2023 certificates, allowing filtering by operating system and device context. Devices without the new certificates will still boot but may lack the latest protection during the early boot phase, exposing them to threats. Microsoft does not automatically distribute new certificates via Windows updates on servers, requiring manual action from administrators. The dashboard aids IT teams in prioritizing action on Exposed Devices and exporting data for collaboration.