By Sergiu Gatlan
Publication Date: 2026-02-10 17:00:00
Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026.
Introduced in 2011, Secure Boot ensures that only trusted bootloaders can load on computers with UEFI firmware, helping block malicious software, such as rootkits, from executing during system startup by verifying its digital signature against a set of trusted digital certificates stored in the firmware.
Microsoft first revealed plans to refresh expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems in January, following a November alert warning IT admins to update the security certificates used to validate UEFI firmware before they expire.
“After more than 15 years of continuous service, the original Secure Boot certificates are reaching the end of their planned lifecycle and begin expiring in late June 2026,” said Windows Servicing and Delivery partner director…
