Microsoft has released KB5074110 for Windows 11 24H2 and 25H2 to address Secure Boot certificate expiration issues, updating boot files and pre-loading new Secure Boot certificates to avoid errors starting June 2026. The update replaces the old bootmgfw.efi file with a newly signed version and updates the Secure Boot Signature Database on compatible systems, while leaving older systems unchanged. Users running these versions of Windows with Secure Boot are encouraged to install this update immediately to prevent potential boot issues. Additionally, users are advised to create a Secure Boot recovery USB if they recently reset their BIOS to avoid boot failures caused by the old boot manager
Windows 11 Setup Dynamic Update: Fixing Secure Boot Certificate Expiration Issues with KB5074110
Microsoft has released KB5074110, an update for Windows 11 24H2 and 25H2 that refreshes the boot files and pre-loads the latest Secure Boot certificates to prevent a "Secure Boot violation" error due to expiring certificates in June 2026. The update replaces the old 2011-signed bootmgfw.efi file with a fresh 2023-signed version, updates the Secure Boot Signature Database (DB), and leaves older systems without the new certificate unchanged. If you're running Windows 11 24H2 or 25H2 and use Secure Boot, it's recommended to install KB5074110 via Windows Update now.
