
‘Restart Multiple Times’—Microsoft Changes Windows Next Week

Microsoft starts expiring critical Secure Boot certificates next week — "the clock is ticking" on a billion PCs.

Forbes
Key Takeaways
  • Microsoft begins expiring Secure Boot certificates including 'Windows UEFI CA 2010' and 'Microsoft Corporation UEFI CA 2011' starting June 1, 2026.
  • Over 1 billion Windows PCs worldwide are affected, requiring users to install the latest cumulative updates and restart multiple times (typically 2–3 reboots).
  • Previous Secure Boot certificate rotations occurred in 2022 and 2024, but this expiration is the largest in scale, targeting certificates used since the Windows 8 era.
  • Failure to update may result in a red screen boot error after June 1, rendering the device unusable until a recovery process is performed.
  • The update is mandatory for all Windows 10 and Windows 11 devices with Secure Boot enabled; Microsoft has provided no grace period or extension.
Over a billion Windows PCs face a ticking clock as Microsoft begins expiring critical Secure Boot certificates next week, forcing users to restart multiple times to avoid boot failures. The clock is ticking on a massive security update that could leave outdated machines unbootable. Microsoft will start invalidating older Secure Boot certificates on June 1, 2026, affecting every Windows device that has Secure Boot enabled. These certificates are used to verify the integrity of bootloaders and prevent malware like rootkits from loading during startup.

The company has been warning for months through Windows Update notifications and security bulletins, but millions of users and enterprises have yet to apply the necessary patches. Users who have not installed the latest cumulative updates will need to restart multiple times—often two or three reboots—to fully refresh the certificate store and ensure the new certificates are active. The affected certificates include the 'Windows UEFI CA 2010' and 'Microsoft Corporation UEFI CA 2011', which are being replaced by newer versions with stronger cryptographic keys.

This is not the first time Microsoft has rotated Secure Boot certificates; similar expirations occurred in 2022 and 2024. However, the scale this time is unprecedented, with estimates suggesting over one billion PCs could be impacted globally. Enterprise IT departments are scrambling to test and deploy the updates across fleets of managed devices, while consumers are urged to check Windows Update immediately. The move is part of Microsoft's ongoing effort to harden the Windows boot process against sophisticated attacks, such as the BlackLotus UEFI bootkit discovered in 2023. Security experts applaud the proactive rotation but warn that the short notice and required multiple restarts could frustrate users and lead to delayed compliance.

In a worst-case scenario, devices that ignore the updates may fail to boot after June 1, displaying a red screen warning that the system has detected a tampered bootloader. Microsoft has not announced an extension or grace period, so the deadline is firm. This expiration highlights a broader challenge in the PC ecosystem: maintaining security across billions of devices with varying update habits. Going forward, Microsoft plans to enforce more frequent certificate rotations and may eventually require hardware-backed attestation. Users should check for updates today, ensure the 'KB5037850' or later patch is installed, and be prepared to restart multiple times. The next major certificate expiration is tentatively set for 2028, but interim patches may appear sooner.

Frequently Asked Questions

Secure Boot is a security standard developed by the PC industry to ensure that a device boots using only software that is trusted by the original equipment manufacturer. It verifies the digital signature of the bootloader and prevents unauthorized code, such as rootkits, from loading during startup.

Microsoft periodically rotates Secure Boot certificates to replace older certificates that may have weaker cryptography or be compromised. This expiration strengthens security against boot-level malware and ensures only trusted bootloaders can run.

To update Secure Boot certificates, install the latest cumulative Windows Update (such as KB5037850 or later). After installation, you may need to restart your PC two or three times to fully apply the certificate changes.

Most users will need to restart their PC at least twice, and in some cases three times, to complete the certificate refresh. Windows will prompt each time. Do not skip the restarts, as incomplete updates may leave the system vulnerable.

If you do not install the update by the expiration date (June 1, 2026), your PC may fail to boot. A red screen warning may appear indicating tampered bootloader detection, and you may need to perform recovery steps to restore access.

No. The certificate expiration affects both Windows 10 and Windows 11 devices that have Secure Boot enabled. Windows 8 and older versions may also be impacted if they are still supported, but Microsoft strongly recommends updating to a supported OS.
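
A way to see where a machine stands on the points above, as an added PowerShell example that is not from the article or from Microsoft: it reports whether Secure Boot is on, which CA names occur in the UEFI db, and what Get-HotFix lists. The two 2023 CA names are assumptions added here (the article does not name the replacement certificates); the other certificate names and the KB number are quoted from the page.

```powershell
# Added example (not from the article). Run in an elevated PowerShell session.
# Names marked 'page' are quoted from this article; the 2023 names are an
# assumption added here and do not appear on the page.
$names = [ordered]@{
    'Windows UEFI CA 2010'               = 'page'
    'Microsoft Corporation UEFI CA 2011' = 'page'
    'Windows UEFI CA 2023'               = 'assumed replacement'
    'Microsoft UEFI CA 2023'             = 'assumed replacement'
}
$kb = 'KB5037850'   # update ID as given in the article

# 1. Is Secure Boot enforcing? The cmdlet throws on legacy BIOS systems
#    and when the session is not elevated, so report that and stop.
try {
    $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
} catch {
    Write-Warning "Cannot query Secure Boot state: $($_.Exception.Message)"
    return
}
"Secure Boot enabled: $enabled"

# 2. Which CA names occur in the allowed-signature database (db)?
#    Certificate subject names are stored as readable strings inside the
#    variable, so a text search over the raw bytes is enough for an inventory.
$dbText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
$report = foreach ($n in $names.Keys) {
    [pscustomobject]@{
        Certificate = $n
        Source      = $names[$n]
        PresentInDb = $dbText.Contains($n)
    }
}
$report | Format-Table -AutoSize

# 3. Patch evidence. A later cumulative update supersedes an earlier one, so a
#    missing KB ID is not proof the fix is absent; also show the newest hotfix.
$hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
"{0} listed by Get-HotFix: {1}" -f $kb, [bool]$hit
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 1 HotFixID, InstalledOn
```

Running it again after each restart shows whether the db contents changed between reboots.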

Original source

www.forbes.com
