Microsoft Warns of Secure Boot Deadline in June 2026

Microsoft has announced that the original Secure Boot certificates, which have been used for Windows PCs since 2011, will expire in June 2026. These certificates are crucial for system security as they ensure that only trusted software is loaded during the boot process of a device. The expiration of these certificates could result in millions of Windows PCs becoming either insecure or unable to boot at all. The Secure Boot standard was developed by representatives of the PC industry and checks the cryptographic signature of each boot software component at every startup. This includes the Secure Boot certificates that are responsible for authenticating the software.

Without valid certificates, the Windows Boot Manager will not load, which can lead to significant issues. To minimize the impact of the certificate expiration, Microsoft has already provided new Secure Boot certificates for 2023. These certificates need to be transferred to the UEFI firmware of the motherboard, which is a complex process. Microsoft has set up a new Secure Boot folder on Windows machines where the cryptographic files are stored before being transferred to the motherboard. The IT news site Windowslatest reported on a Q&A session with Microsoft representatives, including Principal Security Engineer Arden White and Principal Software Architect Scott Shell.

They explained that the consequences for Windows PCs that ignore the deadline for the Secure Boot certificates could be severe. While the PCs will continue to boot and operate normally, system security will be permanently compromised. A central issue is that Microsoft will no longer provide boot-critical updates and malware blacklists (DBX blocklists) if the new certificates are not installed. This could leave systems vulnerable to attacks as they will no longer be protected against known threats. Users can check the Secure Boot status in the Windows Security app.

The necessity to install the new Secure Boot certificates is deemed urgent by Microsoft. Transitioning to the new certificates is not only a matter of security but also of system functionality. Without the update, access to important system features and updates may be restricted. Microsoft has already taken steps to support the distribution of the new certificates. The rollout of the new Secure Boot certificates will be gradual to ensure that all users are informed in a timely manner.

Microsoft's IT department is working to make the installation of the new certificates as smooth as possible. The deadline for renewing the Secure Boot certificates is a critical point for all Windows users. Microsoft has emphasized that the responsibility for installing the new certificates ultimately lies with the users. Those who miss the deadline should expect significant limitations in system security. The new Secure Boot certificates are an important component of Windows' security architecture. Microsoft plans to roll out the new certificates to all users by the end of May 2026. Users should actively seek to install the new certificates to protect their systems.