Tech News
← Back to articles

Microsoft is refreshing Secure Boot certificates to plug security holes before they happen — if you bought a PC last year, you should be set

2026-02-10 | original
read original related products more articles

Microsoft is issuing new Secure Boot certificates to Windows PC users, as the initial certificates are reaching the end of a planned lifespan after 15 years and are set to expire in June 2026.

The company has been issuing new certificates as part of Windows updates for personal users, businesses, and schools that let Microsoft manage their updates.

Secure Boot is a process that runs at startup, prior to Windows loading, and uses cryptographic keys to verify that only trusted software can run. In a blog post , Nuno Costa, the partner director for Windows servicing and delivery, writes that "Retiring old certificates and introducing new ones is a standard industry practice that helps prevent aging credentials from becoming a weak point and keeps platforms aligned with modern security expectations."

But if you bought a PC in 2025, you're probably already set. Costa writes that Microsoft has been working with OEM partners, which have been obtaining new certificates since 2024. Machines from OEMs starting from 2024 and "almost all" systems shipped in 2025 already have new Secure Boot certificates. So if you bought one of the best ultrabooks or best gaming laptops , you should be in the clear.

If you let Microsoft to handle your PC updates, your certificates will be installed through the standard Windows update process. Microsoft is also recommending ensuring you have the latest firmware from vendor support pages. Microsoft points out that some servers or IOT devices may have different processes, and that a "fraction of devices" may require firmware updates from manufacturers before new Secure Boot certificates can be applied through Windows Update.

If your certificate expires, your PC should function as expected, though its security will be compromised.

"As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations," Costa writes. “Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware, or Secure Boot–dependent software may fail to load."

... continue reading

Related:
Missing emails? Exchange Online is tagging legitimate messages as spam - here's what to do
Windows' original Secure Boot certificates expire in June—here's what you need to do
Your PC's critical security certificates may be about to expire - how to check
Microsoft will start refreshing Secure Boot certificates in March for Windows 11 and Windows 10 ESU users
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

© 2026 GoKawiil