Microsoft Issues Secure Boot Warning Ahead of 2026 Certificate Expiry Date
Microsoft has issued a warning about an upcoming security change that could quietly affect millions of Windows PCs over the next year. Here we are talking about Secure Boot, the low-level protection that checks system integrity before Windows even starts.
Microsoft prepares for June 2026 Secure Boot certificate expiration
In a dedicated blog post, Microsoft has once again confirmed that the original Secure Boot certificates, first introduced more than a decade ago, will begin expiring in June 2026. When the cutoff date comes, devices that haven’t transitioned to newer certificates won’t suddenly fail, though. Windows will still boot, and apps will still run, but security won’t be the same.
According to Microsoft, affected systems will move into a reduced protection mode. That means future boot-level defenses may no longer apply, leaving devices increasingly exposed as new threats emerge. For those unaware, Secure Boot operates at the firmware layer. It’s designed to stop malicious code from loading before the operating system has a chance to respond. Over time, however, cryptographic credentials age.
Microsoft says keeping outdated certificates in place would eventually weaken the entire trust chain. To avoid that, updated certificates are already being distributed through standard monthly Windows updates on supported versions of the OS. For most users, the transition happens automatically and requires no interaction.
Risks for unsupported systems and older hardware
Worth noting that systems running unsupported Windows versions won’t receive the update. This includes Windows 10 PCs that haven’t joined Microsoft’s Extended Security Updates program. While those PCs may continue to function, they’ll be locked out of future Secure Boot protections.
Microsoft notes that this could also lead to compatibility problems down the line. New firmware, hardware, or security-dependent software may refuse to load on systems stuck with expired credentials. Behind the scenes, Microsoft has been coordinating with major PC makers to smooth the rollout. Dell, HP, and Lenovo say newer devices already ship with updated certificates, covering most systems released since 2024.
Meanwhile, older PCs may need a separate firmware update from the manufacturer before Windows can apply the new certificates. Microsoft is urging users to check OEM support pages and keep firmware current. That’s not all; the company has said that in the coming months, Windows will also surface certificate status inside the Windows Security app, which would give users clearer visibility.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages