UMVA has learned that a critical deadline is looming for Windows users: June 24th, a date that could determine the future security and stability of their systems.
On this day, new Secure Boot certificates must be installed on all systems that utilize this essential security feature, which safeguards against various threats during startup. A warning about these updated certificates was first issued in January, giving users a heads-up on the impending deadline.
If systems don’t obtain the new Secure Boot certificates, users risk facing serious problems, including a potential guarantee that Secure Boot will cease to function properly. In the worst-case scenario, affected PCs may no longer be able to boot up properly, leading to complete system failure.
While the June 24th deadline isn’t a hard cutoff that will immediately brick PCs, users still have the option to obtain certificates retroactively, but only until October 2026, and it will require manual intervention, which isn’t ideal. Both Windows 11 and Windows 10 users who receive security updates via the ESU program are affected.
To ensure everything is in order with certificates, users should first install all the latest Windows updates, as Microsoft has been gradually rolling out the new Secure Boot certificates via Windows Update. The specific update that provides them to a given PC will vary from user to user.
In Windows 11, users can utilize the new Secure Boot certificate indicator to check the status of Secure Boot. By navigating to Windows Settings, then Privacy & security, and selecting Device Security, users can access the Secure Boot section and verify that the status is green, indicating the presence of all necessary certificates.
System administrators who need to manually load Secure Boot and its relevant certificates should consult Microsoft’s official support page for guidance. This resource also provides a link to Microsoft Support for users who encounter further issues.
It’s essential to note that if Secure Boot isn’t enabled on a system, updated certificates aren’t necessary, but only if the user has no intention of using Secure Boot. However, if there’s a chance Secure Boot will be used in the future, it’s best to enable it now to ensure automatic updates with the latest certificates.
Microsoft strongly recommends enabling Secure Boot for all users, as this security feature ensures that Windows is protected against malware and other potential threats during the boot process, providing an additional layer of defense against cyber threats.