Windows Secure Boot security deadline arrives today

Microsoft has initiated a multi-stage firmware update to phase out aging cryptographic keys across global PC networks.
Microsoft's legacy Secure Boot certificate expires today, June 24, 2026. The mandatory firmware key rotation impacts upcoming Windows updates and system security.

The clock just ran out on a 15-year era of PC startup security. Today, June 24, 2026, Microsoft's original 2011 Secure Boot key officially expired inside billions of motherboards. This expiration forces a massive, multi-stage firmware transition to a newer 2023 certificate chain, a move that will change how PCs validate trusted software before the operating system even loads.

Current operation vs long-term risk

Your computer will not crash today. PCs relying on the legacy 2011 keys still boot normally, and apps run without hitting major issues. Microsoft designed this deadline as a background infrastructure swap rather than an immediate kill-switch.

The danger builds later. If a machine misses the migration to the new 2023 keys, it loses the ability to process future boot-level security patches. Windows will stop updating the Windows Boot Manager, the Secure Boot databases, and the DBX revocation blacklists on these unpatched devices. That leaves the hardware defenseless against specialized, firmware-level threats like the BlackLotus bootkit, which infects systems long before any traditional antivirus software wakes up.

Automated updates and hardware errors

For most users, the fix lands silently through the monthly Windows Update pipeline. Windows simply replaces the old key with the updated Microsoft Corporation KEK 2K CA 2023 certificate. The clock is ticking on the next milestone too, since the Microsoft UEFI CA 2011 certificate expires in three days on June 27. Modern PCs built from 2024 onward already carry these newer keys from the factory.

Older devices and custom rigs face issues. Certain aging motherboard architectures require a manual BIOS flash before they can support the larger cryptographic key sizes of the 2023 certificates. Technicians also report higher failure rates on Windows 11 machines that used workarounds to bypass CPU or TPM hardware checks. 

For more information on how to check if your device is Secure Boot ready, Notebookcheck recently published "How to check if your PC is Secure Boot ready."
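One way to verify the migration described above on a given machine, as an added example that is not from Notebookcheck or Microsoft: it walks the raw KEK variable (a chain of `EFI_SIGNATURE_LIST` structures from the UEFI specification) and reports whether an X.509 entry carries the new KEK name. The helper names and sample blobs are constructed for illustration, and the name check is a substring match on the certificate bytes rather than a full X.509 parse.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification, in on-disk (mixed-endian) form.
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
# Name of the replacement KEK certificate as given in the article.
NEW_KEK = b"Microsoft Corporation KEK 2K CA 2023"
HEADER = 28  # 16-byte SignatureType + three little-endian uint32 size fields


def iter_x509_entries(blob):
    """Yield the certificate bytes of each X.509 entry in the variable."""
    off = 0
    while off + HEADER <= len(blob):
        sig_type = blob[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        # Reject bad sizes instead of looping forever or reading past the end.
        if (list_size < HEADER + hdr_size or off + list_size > len(blob)
                or sig_size <= 16):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + HEADER + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == X509_GUID:
                yield blob[pos + 16:pos + sig_size]  # skip 16-byte SignatureOwner
            pos += sig_size
        off = end


def has_cert(blob, name):
    """True if any X.509 entry contains `name` (hash-type lists are ignored)."""
    return any(name in cert for cert in iter_x509_entries(blob))


def make_list(payload, sig_type=X509_GUID):
    """Constructed helper: wrap one payload in a single-entry signature list."""
    sig_size = 16 + len(payload)
    sizes = struct.pack("<III", HEADER + sig_size, 0, sig_size)
    return sig_type + sizes + bytes(16) + payload


# Constructed samples: the payloads are stand-ins, not real certificates.
LEGACY_ONLY = make_list(b"\x30\x82CN=Microsoft Corporation KEK CA 2011")
MIGRATED = LEGACY_ONLY + make_list(b"\x30\x82CN=" + NEW_KEK)

if __name__ == "__main__":
    for label, blob in (("legacy only", LEGACY_ONLY), ("migrated", MIGRATED)):
        print(label, "-> 2023 KEK present:", has_cert(blob, NEW_KEK))
```

On a real system the input would be the bytes returned by `(Get-SecureBootUEFI -Name KEK).Bytes` on Windows, or the efivarfs file `KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c` on Linux with its 4-byte attribute prefix stripped.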

Darryl Linington, 2026-06-24 (Update: 2026-06-24)