Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Microsoft Secure Boot. Show all posts
Windows security update
Microsoft Secure Boot Secure Boot certificates expiry Technology Windows 10 ESU Windows security update

Microsoft Introduces Secure Boot Status Dashboard Ahead of Certificate Expiry

 

Microsoft is preparing for the upcoming expiration of its original 2011 Secure Boot certificates, set for June 2026, by introducing a new Secure Boot status dashboard within Windows. This feature is designed to help users verify whether their systems remain protected during startup.

Beginning this month, the dashboard will be integrated into the Windows Security app. Users will find a Secure Boot status indicator under the Device security section, specifically within Secure Boot settings.

"The Windows Security app now shows whether your device has received these updates, what your current status is, and whether any action is needed," Microsoft says on a new support page.

The indicator will display three possible statuses. A green badge confirms that the system has received the necessary updates. A yellow badge signals a recommendation from Microsoft, often suggesting a firmware update to install the latest certificates. A red badge indicates that the device is unable to receive the updated Secure Boot certificates.

“This state appears only after a security vulnerability that affects the boot process is discovered and cannot be serviced on devices that have not yet received the updated certificates. This could occur as early as June 2026, when some of the current Secure Boot certificates begin to expire,” the company says.

In addition to the visual indicators, Microsoft will provide detailed guidance within the dashboard, advising users on steps to resolve issues. These may include updating the Windows operating system or contacting the device manufacturer.

Secure Boot plays a critical role in ensuring that only trusted software runs during the startup process, protecting systems from persistent malware that can survive OS reinstalls. However, many devices are still running Windows 10, which reached end of support in October and no longer receives standard security updates.

Earlier this year, Microsoft cautioned that such unsupported Windows 10 systems would not receive the new Secure Boot certificates. The only exception applies to devices enrolled in the Windows 10 Extended Security Updates (ESU) program, which offers limited continued protection.

Microsoft confirmed that the new Secure Boot status indicator will be available only on Windows 10 ESU systems and Windows 11 devices. Systems running unsupported versions of Windows 10 should assume their certificates will begin expiring from June onward.

For eligible systems, the updated certificates are expected to be delivered automatically through routine monthly updates. However, some devices may still require a separate firmware update from the PC or motherboard manufacturer before the certificates can be applied—hence the yellow and red warnings.

Even if a system does not receive the updated certificates, it will continue to function. However, Microsoft cautions: “The device will enter a degraded security state that limits its ability to receive future boot-level protections,” leaving it vulnerable to potential “boot-level vulnerabilities” that attackers could exploit.

Users facing a red status will also have the option to proceed without taking action by selecting “I accept the risks, don’t remind me.”

Microsoft plans to expand alerts related to Secure Boot beyond the Windows Security app. “Beginning in May 2026, additional improvements will become available, including notifications outside the app (such as system alerts) and additional in-app guidance and controls to help you respond to Secure Boot warnings.”
Read more »
Subscribe to: Comments (Atom)