""As cryptographic security evolves, certificates and keys must be periodically refreshed to maintain strong protection," Microsoft's Nuno Costa said in the announcement blog. "Retiring old certificates and introducing new ones is a standard industry practice that helps prevent aging credentials from becoming a weak point and keeps platforms aligned with modern security expectations.""
"Costa says that while PCs will "continue to function normally" on an expired certificate, they will enter into a "degraded security state" that could limit future boot-level security updates, and may experience compatibility issues with future hardware or software."
""The new certificates will be installed automatically and require no additional action for the vast majority of Windows 11 users.""
Secure Boot certificates issued in 2011 will expire between June and October 2026. Microsoft will deploy new Secure Boot certificates automatically through regular Windows platform updates, beginning with the Windows 11 KB5074109 update. A certificate batch issued in 2023 already shipped with many devices sold since 2024, leaving older PCs to receive updates. Systems with expired certificates can continue to function but will enter a degraded security state that may limit future boot-level updates and cause compatibility issues. Some specialized servers or IoT devices may require separate firmware updates from OEMs.
Read at The Verge
Unable to calculate read time
Collection
[
|
...
]