Microsoft Pushes 2023 Secure Boot Certificates Before 2011 Keys Expire in June 2026
Updated
Updated · ZDNet · May 18
Microsoft Pushes 2023 Secure Boot Certificates Before 2011 Keys Expire in June 2026
3 articles · Updated · ZDNet · May 18
June 2026 marks the expiry of Microsoft’s 2011 Secure Boot certificates, prompting coordinated Windows and firmware updates to install 2023 replacements across older PCs.
Without the new certificates, affected devices should still boot but can no longer receive pre-boot security fixes, updated boot managers, revocation lists, or trust new bootloaders.
2024-and-newer PCs increasingly already carry the updated certificates, and Microsoft said almost all devices shipped in 2025 include them with no customer action required.
Windows 11 users can verify the update in Windows Security under Secure Boot, while a PowerShell check can confirm whether the Windows UEFI CA 2023 certificate is present.
Most mainstream OEM systems on supported Windows versions should update automatically, but self-built PCs, servers, IoT devices, and some Linux-only setups may need manual firmware support.
A security time bomb ticks in millions of Windows PCs. Are you prepared for the June deadline, or is your system at risk?
Is your BitLocker-encrypted data truly private when Microsoft admits to sharing recovery keys with law enforcement?