security app

Winsage
June 29, 2026
Major PC manufacturers, including HP, Dell, ASUS, Lenovo, MSI, Acer, Samsung, LG, and Microsoft’s Surface division, have provided guidance on transitioning to new Secure Boot certificates as the expiration of Microsoft’s 2011 certificates approaches. The expiration will occur in three phases: Microsoft Corporation KEK CA 2011 expired on June 24, 2026; Microsoft UEFI CA 2011 expired on June 27, 2026; and Microsoft Windows Production PCA 2011 is set to expire on October 19, 2026. Microsoft has begun rolling out replacement certificates through Windows Update, contingent on OEMs providing compatible BIOS updates. ASUS offers detailed documentation for both consumer and commercial devices, confirming that most users will receive updates automatically. Lenovo provides direct download links for BIOS updates organized by product family and specifies which products will not receive updates. Dell's support article covers its entire product lineup, noting that devices with an End of Service Life before January 1, 2026, will not receive updates. HP outlines a dual-track approach for updates, with specific timelines for commercial PCs. Microsoft's Surface devices receive updates directly from Microsoft, while MSI categorizes guidance based on processor generation for its laptops. Acer emphasizes backing up the BitLocker recovery key and provides a model table for confirmed BIOS release dates. Samsung confirms that all PCs running Windows 10 or 11 will function normally post-expiration, but security updates will cease. LG has released a guide for checking BIOS updates for its PCs. To verify if a PC has the 2023 certificates, users can check the Secure Boot section in Windows Security. A green checkmark indicates successful application, while yellow or red icons indicate pending updates or incompatibility. Microsoft has pushed the certificates to all eligible devices as of June 2026.
Winsage
June 21, 2026
The expiration of Microsoft's Secure Boot 2011 certificates on June 24 will not prevent older Windows PCs from booting, as confirmed by Microsoft. Devices will continue to operate normally, but they will miss future boot-level security updates, including updates to the Windows Boot Manager and mitigations for newly identified vulnerabilities. The ability to receive the Secure Boot 2023 update depends on the device firmware's compatibility, with many manufacturers, including Dell, HP, Lenovo, and ASUS, having cutoffs for BIOS updates based on the device's End of Service Life. Older PCs using Legacy BIOS or Compatibility Support Module (CSM) mode do not utilize UEFI Secure Boot, making the update irrelevant. Users running Windows 11 on unsupported hardware may have Secure Boot disabled or improperly configured. Without the 2023 certificates, devices cannot receive future revocation updates to the Secure Boot DBX, which lists compromised bootloaders. Users on Windows 10 with supported OEMs may receive the update if a compatible BIOS is available, while those on older PCs without updates can continue using their devices but will lack future security updates. The Secure Boot status can be checked through the Windows Security app, with color-coded badges indicating the status of the certificates.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Winsage
June 10, 2026
Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.
Tech Optimizer
May 29, 2026
NordVPN has launched an updated application that combines its VPN services with next-generation antivirus capabilities, creating a comprehensive digital security suite. The new offering emphasizes three main features: an advanced VPN for private connectivity, a next-generation antivirus for threat protection, and the Dark Web Monitor™ for data breach monitoring. The updated antivirus solution uses artificial intelligence and behavioral analysis to identify threats in real-time, including phishing and malware. In April 2026, NordVPN reported blocking 4.8 million threats, with over 3 million instances of malware blocked. The company’s Threat Protection Pro includes malware and phishing protection, ad and tracker blocking, vulnerability scanning, and dark web monitoring. Independent evaluations have shown high detection rates for blocking malicious URLs. The cybersecurity industry is seeing a trend towards bundling multiple security tools into single subscription packages, with NordVPN aiming to simplify digital protection for users. The company maintains a commitment to privacy, ensuring minimal data collection for threat assessments.
Search