-
Posts
-
-
-
By wrack · Posted
Just give a great simple monitor. No AI nonsense. What's next? AI mouse that knows where you want to move? -
By kiddingguy · Posted
Long live Snagit... 😁 -
By TarasBuria · Posted
Certificates for one of Windows 11's hardware requirements expire soon, here is what to know by Taras Buria Secure Boot is a known term for Windows 11 users. It is one of Windows 11's hardware requirements, and without it, the operating system cannot be installed, at least officially. Secure Boot was introduced in 2012 with the release of Windows 8, and its certificates, first issued in 2011, are set to expire soon. Now, Microsoft has posted a blog post about the importance of this event and why organizations and users must ensure their Secure Boot certificates are up to date. In a nutshell, Secure Boot is a special mechanism that ensures that your PC is using verified firmware and a trusted bootloader. Certificates released in 2011 will expire in June 2026, and if left outdated, will disrupt the integrity of the device startup process. Without new certificates, Windows Boot Manager and Secure Boot components can't receive security fixes, leaving affected devices exposed to bootkit malware (such as BlackLotus), which is very hard to detect with standard antivirus software. Other results of having expired Secure Boot certificates include the inability to trust software signed with new certificates. PCs that could be affected by expired certificates include physical and virtual machines (VMs) with supported versions of Windows 10, Windows 11, Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2012 R2. Copilot+ PCs released in 2025 are not affected. To avoid these potentially disastrous consequences, Microsoft urges organizations and users to update their entire PC fleet to newer certificates, which were released in 2023: Expiration Date Expiration Certificate Updated Certificate What it does Storing Location June 2026 Microsoft Corporation KEK CA 2011 Microsoft Corporation KEK 2K CA 2023 Signs updates to DB and DBX Key Enrollment Key (KEK) Microsoft Corporation UEFI CA 2011 (or third-party UEFI CA)* Microsoft Corporation UEFI CA 2023 Microsoft Option ROM UEFI CA 2023 Signs third-party OS and hardware driver components Signs third-party option ROMs Allowed Signature database (DB) October 2026 Microsoft Windows Production PCA 2011 Windows UEFI CA 2023 Signs the Windows bootloader and boot components So, what do you need to do? Microsoft says that the easiest solution is to let Microsoft manage your Windows updates. In the upcoming months, Microsoft will release new certificates as part of monthly cumulative updates, so it will take care of everything for you. The company also recommends enrolling Windows 10 devices in the Extended Security Updates program, which is free for regular consumers and paid for enterprises. Microsoft will also provide the necessary certificates for Linux systems that dual-boot Windows. Of course, not every Windows PC can receive such updates. For example, so-called "air-gapped" devices, which are physically isolated from the internet and local networks, cannot receive updates like your home PC does. For such devices, Microsoft offers limited support, which is detailed in the blog post. You can also track Windows Secure Boot certificate updates on a newly published support document. You can check if your system has Secure Boot enabled by pressing Win + R, typing msinfo32, and checking "Secure Boot State."
-
-
Recent Achievements
-
jfam earned a badge
One Month Later
-
TheRingmaster earned a badge
First Post
-
Kavin25 earned a badge
Conversation Starter
-
Leonard grant earned a badge
One Month Later
-
pcdoctorsnet earned a badge
Week One Done
-
-
Popular Contributors
-
Tell a friend
Recommended Posts