Applies To
Windows 10 Windows 10, version 1607, all editions Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows 10 Enterprise LTSC 2021 Windows 10 IoT Enterprise LTSC 2021 Windows 10, version 22H2, all editions Windows 11 Home and Pro, version 21H2 Windows 11 Enterprise Multi-Session, version 21H2 Windows 11 Enterprise and Education, version 21H2 Windows 11 IoT Enterprise, version 21H2 Windows 11 Home and Pro, version 22H2 Windows 11 Enterprise Multi-Session, version 22H2 Windows 11 Enterprise and Education, version 22H2 Windows 11 IoT Enterprise, version 22H2 Windows 11 SE, version 23H2 Windows 11 Home and Pro, version 23H2 Windows 11 Enterprise and Education, version 23H2 Windows 11 Enterprise Multi-Session, version 23H2 Windows 11 SE, version 24H2 Windows 11 Enterprise and Education, version 24H2 Windows 11 Enterprise Multi-Session, version 24H2 Windows 11 Home and Pro, version 24H2 Windows 11 IoT Enterprise, version 24H2 Windows Server 2012 ESU Windows Server 2012 R2 ESU Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2025

Original Publish Date: February 10, 2026

KB ID: 5079373

Secure Boot helps ensure that your device starts using trusted software. The Microsoft Secure Boot certificates originally issued in 2011 begin expiring in June 2026. To maintain protection against new boot‑level threats, Microsoft is updating devices with a new set of 2023 certificates. Most devices will receive these updates automatically, but some systems may require additional firmware updates.

What happens if the certificates expire

If your device reaches the expiration date without the new certificates, it will still start and operate normally. Standard Windows updates will continue to install. However, the device will no longer be able to receive new security protections for the early boot process. This includes updates to Windows Boot Manager, Secure Boot databases and revocation lists, and fixes for newly discovered vulnerabilities in the boot chain.

As new threats emerge, a device in this expired state becomes progressively less protected. Scenarios that rely on Secure Boot trust (such as BitLocker hardening, boot‑level code integrity, or third‑party bootloaders and Option ROMs) may also be affected if they require updated Secure Boot trust.

What continues to work

  • The device continues to start normally.

  • Windows updates continue to install, except for boot‑related security components that require the updated certificates.

  • Everyday app use, networking, browsing, and most OS features remain unchanged.

What no longer works

  • New Secure Boot and Boot Manager protections cannot be applied.

  • Vulnerability fixes for the early boot environment - such as BitLocker bypass mitigations or Secure Boot revocations - will not be available.

  • Some third‑party components that rely on Microsoft Secure Boot trust may fail to update if they require newer certificate entries.

How to stay protected

Most personal Windows devices will automatically receive the new Secure Boot certificates through Microsoft‑managed updates. For devices managed by an organization, IT administrators should follow Microsoft’s Secure Boot certificate update guidance. Some devices may require an OEM firmware update to apply the new certificates correctly. For any device, personal or organization‑managed, contact your OEM for information about required firmware updates, keeping in mind that such updates may only be available for devices that are still within their support period. Keeping your device up to date ensures it continues to receive the full protections Secure Boot is designed to provide.

Note: Secure Boot should not be disabled to work around certificate expiration. Disabling Secure Boot significantly reduces device protection, removes safeguards against boot‑level malware, and can create new security and compliance risks. The recommended path is to ensure your device receives the updated 2023 Secure Boot certificates and any required OEM firmware updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center