"Renewed Secure Boot certificates will be rolled out to Windows systems starting in June, as the old certificates are reaching the end of their lifecycle, Microsoft announced on Tuesday. Since 2011, Secure Boot has been providing protections against sophisticated threats by ensuring that only trusted, digitally signed software is executed from the moment the device is powered on, even before Windows starts."
"It relies on digital certificates that are stored in the device's firmware, and the current certificates, which have been in service for more than a decade and a half, will begin to expire in June, the tech giant explains. In line with industry best practices, the old certificates will be retired, and new ones will be rolled out to all supported Windows iterations, via automatic updates."
Secure Boot ensures only trusted, digitally signed software runs from device power-on and has protected systems since 2011. The firmware-stored Secure Boot certificates in use for more than fifteen years will begin expiring in June, prompting retirement of the old certificates and rollout of renewed certificates across supported Windows versions via automatic updates. Microsoft worked with firmware providers to add servicing capabilities and tools for gradual, safe deployment. OEMs have provisioned updated certificates on many new devices since 2024 and most 2025 shipments already include them. Most users with automatic updates will receive the new certificates, while some specialized systems may require separate firmware updates from device manufacturers.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]