Microsoft has issued a rare and urgent warning to Windows users worldwide: a foundational layer of PC security, embedded deep within system firmware, is about to expire and millions of devices may be affected.
At the center of the alert are Secure Boot certificates, cryptographic keys introduced more than a decade ago to ensure that only trusted software runs when a computer starts. These certificates, first deployed around the launch of Windows 8 in 2011, are now reaching the end of their lifecycle and Secure Boot certificates expire in June 2026.
For Microsoft, this is not a routine update. It marks the first time in Windows history that such core security certificates are being retired at scale, triggering what experts describe as one of the largest coordinated security transitions across the PC ecosystem.
Secure Boot operates behind the scenes, verifying firmware, bootloaders and system components before Windows even begins to load. Its purpose is simple but vital: prevent malicious code from hijacking a device during startup and reduce the risk of boot-level malware and security threats.
While PCs will continue to function after expiration, the consequences are gradual but serious. Devices that fail to update may enter a devices may enter a degraded security state, leaving them increasingly vulnerable to emerging threats and potentially incompatible with future software or drivers.
The expiring certificates often referred to as the “2011 certificates” are being replaced with a new generation issued in 2023. These updated certificates are already being distributed through Windows updates and, in some cases, firmware updates from hardware manufacturers.
Microsoft says most modern systems, particularly those shipped since 2024, already include the new certificates and will not be affected. But older devices especially those running unsupported versions of Windows may not receive these updates automatically. That creates a widening divide between fully protected systems and those gradually falling behind.
The company has warned that users may need to take action to ensure their devices remain secure, including verifying certificate status and applying necessary updates before the deadline. Users can now check Secure Boot status in Windows Security app to confirm whether their systems are prepared.
The timeline is tight. Industry guidance points to late June 2026 as the beginning of the expiration window, with some certificates continuing to expire later in the year. Microsoft has also published a Secure Boot certificate update playbook outlining steps for enterprises and IT administrators managing large fleets of devices.
For enterprises managing thousands of devices, the transition is particularly complex. It may require coordinated updates across operating systems, firmware and security policies. This transition also aligns with Microsoft’s broader Windows Insider program overhaul, reflecting deeper changes in how the company tests and deploys updates.
For most home users, the process will appear seamless at least initially. Systems that receive automatic updates will quietly transition to the new certificates without disruption.
But the risks increase significantly for those who delay updates or use unsupported systems. Devices stuck on older Windows versions may never receive the new certificates, effectively locking them out of future boot-level security protections. These concerns mirror broader industry incidents, including a critical iPhone security flaw, highlighting how vulnerabilities across platforms are becoming more frequent and severe.
Over time, that could mean more than just theoretical vulnerabilities. Experts warn it may eventually prevent certain applications, drivers or even newer versions of Windows from loading properly on affected machines.
Microsoft’s broader strategy also reflects ongoing changes in its update ecosystem, including a Windows 11 update overhaul aimed at giving users more control. This follows long-standing complaints about forced Windows restarts disrupting workflows.
latest Windows security updates
As the June deadline approaches, the message from Microsoft is unmistakable: this is not just another background patch. It is a foundational shift in Windows security one that users ignore at their own risk. The countdown has already begun.
