Microsoft has announced that the Secure Boot certificates issued in 2011 will begin expiring in June 2026, which could impact future boot-level security updates for Windows users. While existing software will continue to function, users will need to install new 2023 certificates to receive ongoing updates, particularly if they utilize BitLocker or have enterprise policies requiring up-to-date boot-time attestation. Most modern PCs will automatically receive updates through Windows Update, but some devices may require manual firmware updates from the manufacturer. Users who rely on Secure Boot for credential protection or dual-boot setups should plan for a firmware refresh before the expiration date to mitigate security risks

Windows Secure Boot Certificates Issued in 2011 Begin Expiring in June 2026

Microsoft has published KB5079373, which alerts users to an upcoming expiration of Windows Secure Boot certificates issued in 2011, slated for June 2026. This expiration won't cause immediate problems with existing software, but it means you'll stop getting future boot-level security updates unless you install new 2023 certificates. Most modern PCs will receive these updates automatically through Windows Update, but some devices may need manual firmware updates from the manufacturer's support site. If you use BitLocker or have enterprise policies that require up-to-date boot-time attestation, it's recommended to plan a firmware refresh before June 2026.

Windows Secure Boot Certificates Issued in 2011 Begin Expiring in June 2026 @ NT Compatible