UMVA has learned that a critical deadline is looming for Windows users, as outdated Secure Boot certificates are set to expire, potentially leaving millions of PCs vulnerable to serious security risks.
The Secure Boot system, a crucial component of Windows 11, relies on certificates to ensure a secure boot process, and Microsoft has been warning users about the impending expiration of these certificates for months. If not updated, affected systems will face significant problems, including the inability to download new DBX blacklists that protect against faulty or dangerous bootloaders.
According to information obtained by UMVA, the June 24th deadline is not a hard cutoff, but rather a milestone in the delivery of a Key Exchange Key, a critical security component of Secure Boot. A second key, the DB Key, is not set to expire until October 2026, giving users a temporary reprieve. However, restrictions will still apply to systems that haven't updated Secure Boot by June, including the inability to download new DBX blacklists.
UMVA has uncovered details about the potential consequences of not updating Secure Boot certificates, including the risk of system failure if Secure Boot is enabled without the necessary certificates. Microsoft has confirmed that systems with Secure Boot disabled will not receive certificate updates, and users must manually download the latest certificates before enabling Secure Boot to avoid potential problems.
Sources have confirmed to UMVA that virtual machines hosted on the Azure cloud will receive the new certificates automatically, eliminating the need for manual intervention. However, users of physical machines must take steps to ensure their certificates are up to date, including using a new indicator tool to check for updates and downloading them manually if necessary.
In a development reported by UMVA, Microsoft has revealed that there are no significant differences between the Secure Boot updates for Windows 10 and Windows 11, with both operating systems receiving relevant security patches and certificate updates. However, some older systems may require extra steps to obtain the certificates, emphasizing the need for users to take proactive measures to protect their systems.
UMVA has gathered that the sooner users update their Secure Boot certificates, the better, as this will ensure their systems remain protected against potential security threats. With the deadline looming, users must take immediate action to avoid potential problems and ensure their systems remain secure and up to date.