Windows 11 auto-replaces expiring Secure Boot certificates to preserve boot integrity

January 14, 2026 at 05:08 AM

•

1 min read

Windows 11 auto-replaces expiring Secure Boot certificates to preserve boot integrity — Photo: BleepingComputer

TL;DR Summary

Microsoft is automatically updating expiring Secure Boot certificates on eligible Windows 11 24H2/25H2 devices via quality updates, with a phased rollout to high-confidence machines; admins can also deploy certificates manually via registry, WinCS, or Group Policy. To avoid boot issues, devices must receive the updates before the June 2026 expiry, or risk losing Windows Boot Manager and Secure Boot protections; administrators should inventory devices, verify Secure Boot status, update firmware, then apply the certificate updates.

Topics:technology #certificates #it-admin #secure-boot #security #windows-11 #windows-update

Share this article

New Windows updates replace expiring Secure Boot certificates BleepingComputer

Reading Insights

Total Reads

Unique Readers

Time Saved

3 min

vs 4 min read

Condensed

88%

636 → 75 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights