security certificates Archives

Winsage

January 13, 2026

New Windows updates replace expiring Secure Boot certificates

Microsoft is enhancing security for Windows 11 24H2 and 25H2 users by automatically replacing expiring Secure Boot certificates on eligible devices. Secure Boot protects against malicious software by ensuring only trusted bootloaders are executed during startup. Many Secure Boot certificates are set to expire starting in June 2026, which could jeopardize secure booting capabilities if not updated. The update includes a mechanism to identify devices eligible for automatic receipt of new Secure Boot certificates. IT administrators are advised to install the new certificates to maintain Secure Boot functionality and prevent loss of security updates. Organizations can also deploy Secure Boot certificates through various methods. IT administrators should inventory their devices, verify Secure Boot status, and apply necessary firmware updates before installing Microsoft's certificate updates.

Winsage

July 16, 2025

Windows Secure Boot Certificate Expired in June, Microsoft Issues Warning

Microsoft has announced that Secure Boot certificates for Windows devices will begin to expire in June 2026, which may affect device functionality and security. An out-of-band update (KB5064489) was released on July 13, 2025, to address immediate security concerns and prepare systems for the certificate transition. This update includes essential quality improvements and fixes issues related to the startup of certain Azure Virtual Machines when Virtualization-Based Security (VBS) is enabled. The update is cumulative and incorporates previous security fixes. Users are advised to install the update promptly and review guidance for updating their certificates before the expiration deadline.