The expiration of several older Microsoft certificates on June 24th has left many Windows 10 and 11 users facing a critical security update issue. Without properly updated certificates, Windows Secure Boot will stop working, compromising the security of their systems.
Microsoft has temporarily suspended the issuance of new certificates for certain PCs, including several HP models. The company explains that on most PCs, the full set of Secure Boot certificates will install automatically through Windows Update. However, some devices may require a firmware update from the PC manufacturer before they can install the necessary Secure Boot updates.
Many OEMs are actively releasing these firmware updates through their standard update channels, and users can check their OEM's Secure Boot support page for next steps. In some cases, Windows Security might indicate that Secure Boot certificate updates are temporarily paused or blocked, displaying messages such as "Devices in this group are affected by a known issue" or "Secure Boot is on, but your device does not support the automated Secure Boot certificate update due to hardware or firmware limitations."
The risk of running into trouble due to outdated certificates is currently low, but it is likely to increase over time. Users who are affected by this problem have no choice but to wait for a solution from Microsoft and their computer manufacturers. Unfortunately, it is not possible to force the Secure Boot update.
Microsoft has stated that while PCs with un-updated Secure Boot certificates will continue to start and operate normally, they will miss out on the latest security updates. As new threats emerge, a device in this expired state becomes progressively less protected, and features that rely on Secure Boot may stop working properly.