ACCORDING to a support advisory, Microsoft has begun a massive rotation of UEFI Secure Boot certificates ahead of their expiry in June 2026, a 15-year tenure dating back to the Windows 8 era in 2011. In the run-up to the deadline, the company has started disseminating refreshed certificates via cumulative updates to ensure affected systems receive them before June.
The update is described as as critical as a security patch, with devices that fail to receive the renewal potentially facing compatibility issues as software relying on Secure Boot may not function correctly. Since January 2026, Microsoft has been distributing the new certificates to select Windows 11 (24H2/25H2) devices, with plans to extend the rotation to Windows 10, Windows 11, and other supported products.
For general users, routine updates are usually sufficient, but IT administrators in enterprise environments may need to intervene manually using specialised Microsoft scripts to complete the rotation where automated update cycles are unavailable.