In a recent Q&A session, Microsoft’s security experts shed light on the implications of an upcoming change to Secure Boot certificates, set to take effect in June 2026. This change could significantly impact the security landscape for Windows PCs, particularly those running Windows 11.
What happens if you don’t update
During the session, Principal Security Engineer Arden White, Principal Software Architect Scott Shell, and Group Engineering Manager Richard Powell discussed the potential consequences of neglecting to update Secure Boot certificates. According to their insights, if users fail to address the Secure Boot certificate deadline, their Windows 11 PCs may continue to function normally. However, this could come at a steep cost: the absence of essential boot-critical updates and malware blacklists (DBX blocklists) from Microsoft.
If you ignore the Secure Boot certificate deadline in June 2026, your Windows 11 PCs would likely still start and run normally, but system security may be permanently compromised as Microsoft will no longer provide boot-critical updates and malware blacklists (DBX blocklists). You can check the Secure Boot status in the Windows Security app.
Without the new Secure Boot certificate, systems will be unable to run the latest Windows Boot Manager, which means that critical security updates for boot-related binaries will cease. This lack of updates could leave systems vulnerable to bootkit malware, and users may find themselves unable to install future Windows feature updates.
Things to keep in mind
Interestingly, older computers that operate on BIOS rather than UEFI are generally exempt from this issue and will not receive the update. Microsoft has also indicated that it is normal for Windows PCs to undergo multiple restarts during the installation of new Secure Boot certificates. Notably, existing BitLocker encryption does not need to be disabled during this process.
The newly issued Secure Boot certificates are valid until 2038, providing a long-term solution for users who take the necessary steps to update their systems.
How to check the status of your Windows PC
To verify the Secure Boot status of your Windows PC, navigate to Windows Settings, then to Privacy & Security > Windows Security > Device Security. A green circle with a white checkmark indicates that your system is prepared for the June 2026 deadline. Conversely, if you encounter a yellow or red warning, further investigation is warranted.
This information was originally published by our sister publication, PC-WELT, and has been translated and localized from German.
<h3 class="articleauthorhead”>Author: Hans-Christian Dirscherl, Managing Editor, PC-WELT
Hans-Christian Dirscherl began his IT journey with Autoexec.bat and config.sys, Turbo-Pascal and C, Sinix and Wordperfect. With nearly 25 years of experience, he has covered a wide array of IT topics, from news to reviews and buying guides.
