Microsoft is changing Windows on most PCs. Critical Secure Boot certificates will expire for the first time ever in June. First launched in 2011, this Windows change means new certificates must be installed on all devices before the deadline.
Microsoft says it is “updating the Secure Boot certificates originally issued in 2011 to ensure Windows devices continue to verify trusted boot software.”
If you bought your PC in the last two years, you’re likely already running new certificates. You can check in your Windows Security App — details here. For all other users, the new certificates will be included in the regular monthly security updates. Users may have been updated in April, others will be updated in May.
But post April’s update, Microsoft warned that this process might trigger additional restarts on your PC. And while this will probably happen in May, if not already, it could happen at any point over the coming months as certificates change over.
“With recent and upcoming Windows updates over the next few months,” Microsoft says, some users might experience “one additional restart during installation. This one time restart occurs after a Secure Boot certificate update is applied.”
There are other complexities as well. The Windows Update process and Windows Security App will show a PC’s Secure Boot status, with critical red warnings where user “action is needed” before the Secure Boot deadline.
And Microsoft confirms that this update is only applicable to PCs eligible for security updates. That means hundreds of millions of Windows 10 PCs will not get new Secure Boot certificates and will face additional risks next month. Ensure you enrol in Microsoft’s extended security update (ESU) program if you’re affected.
