In a significant update last week, Microsoft alerted users that the impending expiration of Secure Boot certificates, beginning in June, will impact a majority of Windows devices. The company emphasizes the importance of taking proactive measures to update these certificates to prevent any potential disruptions.
According to Microsoft, failing to install the latest Windows update, which is designed to refresh Secure Boot certificates, in a timely manner could hinder the ability of various personal and business devices to boot securely. Users can expect a “one-time restart” of their PCs following the update so that the new certificates can be loaded.
Impending Changes and User Guidance
In a separate advisory, Microsoft cautions that issues may arise as early as June. If a security update cannot be delivered due to the device’s current boot configuration lacking the updated certificate, users will notice a change in the Windows Security app, where the Secure Boot badge will shift to a red stop icon.
The latest update from Microsoft was issued on May 12 and was promptly refreshed the following day to include details regarding the Secure Boot release note. However, on May 15, the update was modified once more, introducing a warning that this critical update might “fail to install.” This situation presents a dilemma for Windows users, as they must ensure the update is successfully installed on their devices by June 1.
Microsoft suggests that for most users, the likely workaround will involve a restart, although this may revert the update. The implications of this rollback on Secure Boot certificates included in the software download remain unclear.
Additionally, this week’s update contains a more intricate warning regarding Secure Boot. Microsoft states that the latest Windows quality updates will incorporate enhanced device targeting data, thereby broadening the scope of devices eligible to automatically receive new Secure Boot certificates.
The communication from Microsoft has left many users seeking clarity, particularly with the added cryptic note that devices will only receive new certificates after demonstrating a sufficient number of successful update signals. This phased rollout approach raises questions about how many PCs will ultimately be affected, leaving users in a state of uncertainty.