Changes to Windows Secure Boot Certificates
In a significant shift for Windows users, Microsoft is set to implement changes to Secure Boot certificates across most PCs, marking the first expiration of these critical certificates since their introduction in 2011. This update necessitates the installation of new certificates on all devices before the impending deadline in June.
Microsoft says the purpose of this update is to “ensure Windows devices continue to verify trusted boot software.” PCs purchased within the last two years are likely already equipped with the updated certificates. Users can verify their current status through the Windows Security App.
For the broader user base, the new certificates will be rolled out as part of the regular monthly security updates. Many users may have already received these updates in April, while others can expect to see the changes implemented in May. However, Microsoft has cautioned that following the April update, users might experience additional restarts on their PCs. This could also occur in May or at various points over the coming months as the certificate updates take effect.
“With recent and upcoming Windows updates over the next few months,” Microsoft noted, “some users might experience one additional restart during installation. This one-time restart occurs after a Secure Boot certificate update is applied.”
There are additional considerations to keep in mind. The Windows Update process, along with the Windows Security App, will indicate a PC’s Secure Boot status, highlighting any critical red warnings where user action is required prior to the Secure Boot deadline. Importantly, Microsoft has confirmed that this update applies only to PCs that are eligible for security updates. Consequently, hundreds of millions of Windows 10 PCs will not receive the new Secure Boot certificates, exposing them to potential risks come next month.
For those affected, it is advisable to enroll in Microsoft’s Extended Security Update (ESU) program to mitigate any vulnerabilities that may arise from this transition.