Industry observers note that microsoft has repeatedly warned that Windows PCs will face serious problems from June onwards if outdated certificates are not revised in time. Over the past few months, we’ve been reporting on a major change to the Secure Boot certificates used in Windows 11, which are required for a secure system boot.
According to the latest update, instead, this deadline relates specifically to the delivery of a Key Exchange Key, which serves as a security key for Secure Boot. In addition, there’s a second key (the DB Key) which isn’t due to expire until October 2026. Microsoft has answered some outstanding questions on Secure Boot with Windows Current and has given the all-clear on a number of points: June 24th should not be viewed as a “hard” deadline after which it will no longer be possible for affected systems to use Secure Boot.
Industry observers note that microsoft expects to be able to continue delivering boot managers until October using the second key. So if you haven’t received all the fresh Secure Boot certificates by June 24th, all is not yet lost.
According to the latest update, “There is no end date where the registry key and the patch stop working,” confirmed Scott Shell, who works as a Principal Applications Design Engineer at Microsoft.
As part of the ongoing story, for example, your system will no longer be able to download fresh DBX blacklists (these contain the signatures of faulty or dangerous bootloaders that could harm your system and are therefore blocked by Windows). Nevertheless, there are certain restrictions that will apply after June to all systems that haven’t revised Secure Boot.
In a fresh development, microsoft has answered another important question: What happens to all the systems that don’t currently have Secure Boot enabled but may wish to use it in the future?
Industry observers note that this isn’t a problem if Secure Boot stays disabled (although Secure Boot is recommended to protect your PC from threats). If Secure Boot is disabled, Microsoft can’t patch the necessary certificates.
According to the latest update, the boot manager itself is therefore ready for use, but the appropriate certificates are still required. If these are not available, the computer may fail to start at all. Shell explained that Microsoft will patch the boot manager on these computers to the version signed for 2023.
Industry observers note that microsoft has set out the exact procedure for this on this support page. Before enabling Secure Boot for the first time, every user or system administrator must therefore ensure that the most recent certificates are first downloaded manually.
According to the latest update, in this case, you don’t need to do anything further. Meanwhile, virtual machines hosted via the Azure cloud that use either “Secure Rollout” or “Trusted Rollout” will receive the fresh certificates automatically.
In a fresh development, windows 10 will continue to receive relevant security patches as part of Extended Security Updates until October, and the Secure Boot certificates are included in this. When asked whether there are any differences between the Secure Boot updates for Windows 10 and Windows 11, Microsoft replied in the negative.
According to the latest update, in this case, you will need to take some extra steps to obtain the certificates. The only difference is that some older systems were not shipped with Secure Boot enabled by default or are running configurations that don’t send telemetry data to Microsoft.
According to the latest update, microsoft emphasizes: the sooner your certificates are revised, the better. It’s best to use the fresh indicator tool to check whether Secure Boot certificates are revised, then download them manually.
In a fresh development, this article originally appeared on our sister publication PC-WELT and was translated and localized from German.
The report highlights that after studying communication science, she went straight into a job at PCMagazin and Connect Living. Since then, she has been writing about everything to do with PCs and technology topics, and has been a permanent editor at our German sister site PC-WELT since May 2024. Laura is an enthusiastic gamer as well as a movie and TV fan.