Your PC's critical security certificates may be about to expire - how to check

· Source: News and Advice on the World's Latest Innovations | ZDNET · Field: Technology & Digital — Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Intermediate, medium

Summary

Microsoft Secure Boot certificates from 2011, which protect modern Windows and Linux PCs by ensuring only trusted software runs at startup, are set to expire in June 2026. This feature, standard on PCs since 2011, relies on a chain of cryptographic certificates, including the Key Exchange Key (KEK) and UEFI CA certificates, which validate boot components. If these certificates expire without being updated, the operating system will refuse to start, though users can disable Secure Boot (at the cost of BitLocker access). Microsoft issued replacement 2023 certificates and has been coordinating with hardware OEMs since 2023 to provision these on new devices and deliver updates to existing ones, largely through automatic Windows updates. Most users running supported Windows versions on major OEM PCs should receive these updates seamlessly.

Key takeaway

For CTOs overseeing IT infrastructure, ensure all Windows 10 (with ESU) and Windows 11 PCs receive automatic updates to prevent Secure Boot certificate expiration issues by June 2026. Verify that specialized systems, custom builds, or Linux-only machines have a plan for manual firmware updates from OEMs or motherboard manufacturers. Failure to update could compromise boot security and serviceability, potentially requiring BitLocker recovery keys if Secure Boot is disabled.

Key insights

Expiring 2011 Secure Boot certificates require updates to maintain PC security and boot functionality by June 2026.

Principles

Method

Check Secure Boot certificate status using PowerShell: `([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')`. "True" means updated, "False" requires a firmware update.

In practice

Topics

Best for: CTO, General Interest, IT Professional, Software Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by News and Advice on the World's Latest Innovations | ZDNET.