Microsoft has begun rolling out a global Secure Boot update for Windows devices, marking the end of security certificates that have been in use for more than 15 years. The move represents one of the most significant boot-level security upgrades in the Windows ecosystem in over a decade.
Secure Boot was first introduced in 2011 to prevent malicious software from interfering with a system during startup. Over time, it became a core hardware requirement, especially with the launch of Windows 11. However, the original certificates issued back in 2011 are approaching expiration, with validity ending between June and October 2026.
To address this, Microsoft is replacing the legacy certificates with newer versions issued in 2023. According to Microsoft engineer Nuno Costa, regularly rotating cryptographic certificates is a standard industry practice. As cyber threats evolve, outdated credentials can become weak points, making renewal essential to maintain trust at the firmware and boot level.
One major concern among users has been whether systems will stop working once the old certificates expire. Microsoft has clarified that PCs and laptops will continue to operate normally even if the certificates are not updated. However, those systems would run with reduced security protections, potentially limiting future boot-level updates and causing compatibility issues with newer hardware or software.
Microsoft has already started distributing the update automatically through Windows Update, including patch KB5074109. For most Windows 11 users, no manual action is required. The new Secure Boot certificates will be installed silently in the background as part of routine updates.
There are a few exceptions. Certain servers and IoT devices may require additional steps, and some systems could depend on firmware updates provided directly by hardware manufacturers. Users in those cases are advised to check support documentation from their device makers to ensure full compatibility.
For users still running Windows 10, the situation is slightly different. Access to the new Secure Boot certificates requires enrollment in Microsoft’s Extended Security Updates program. This paid option allows continued access to critical security updates beyond Windows 10’s standard support lifecycle.
Overall, this Secure Boot refresh highlights Microsoft’s ongoing effort to strengthen foundational security across the Windows platform. While largely invisible to everyday users, the update plays a crucial role in protecting systems from increasingly sophisticated attacks that target devices before the operating system even loads.
 Origin: The Verge
