Microsoft has issued an urgent advisory for Windows users regarding an upcoming expiration of security certificates that could have significant implications for device functionality. The tech giant has revealed that Secure Boot certificates, which are integral to the operation of most Windows devices, will begin to expire in June 2026. This situation poses a risk to the secure booting process of both personal and business computers if the necessary updates are not implemented in a timely manner.
Accompanying this announcement was the release of an out-of-band update (KB5064489) on July 13, 2025. This update aims to address immediate security concerns while also preparing systems for the forthcoming certificate transition. The update carries the OS Build number 26100.4656 and introduces essential quality improvements to bolster system stability.
Understanding the Impact
Secure Boot serves as a critical security feature designed to thwart the loading of malicious software during the startup phase of a computer. The expiration of these certificates may lead to boot failures or expose systems to security vulnerabilities, thereby increasing the risk of malware attacks. This expiration affects a wide array of devices, ranging from individual personal computers to extensive enterprise-level business systems.
In light of this, Microsoft strongly advises users and IT administrators to review the guidance provided and take proactive measures to update their certificates well ahead of the June 2026 deadline. The company has made available detailed steps to assist users in navigating the certificate renewal process seamlessly.
Critical System Fixes
The recently released update addresses several pressing issues beyond merely preparing for certificate expiration. Notably, it rectifies a problem that hindered the startup of certain Azure Virtual Machines when Virtualization-Based Security (VBS) was enabled. This issue predominantly affected VMs utilizing version 8.0, particularly those hosted on older VM SKUs in Azure environments, which are crucial for businesses relying on Azure’s cloud infrastructure.
The root cause of this disruption was traced back to a secure kernel initialization issue that interfered with the normal boot sequence. This fix is vital for organizations that depend on Azure for their operational needs. Furthermore, the update is cumulative, incorporating security fixes and enhancements from the previous July 8, 2025, security update (KB5062553).
Additionally, it includes a Windows 11 servicing stack update (KB5063666) that improves the component responsible for installing Windows updates, ensuring a more robust and reliable installation process. Microsoft has confirmed that no known issues exist with this update, indicating a thorough testing process prior to its release.
Users can access the update through standard Windows Update channels, the Microsoft Update Catalog, or Windows Server Update Services. Given the critical nature of both the certificate expiration and the vulnerabilities addressed, Microsoft urges all Windows users to install this update without delay. Organizations are encouraged to prioritize testing and deployment across their networks to mitigate potential disruptions to business operations as the certificate expiration deadline approaches.
Stay Updated on Daily Cybersecurity News. Follow us on Google News, LinkedIn, and X.
