[domy_os]

Novi šokovi...

Secure Boot certificates expire in June 2026

https://techcommunity.microsoft.com/...e-2026/4426856

Citiraj:

Secure Boot protects Windows systems by validating firmware and boot components using trusted certificates. Microsoft-issued certificates used in Secure Boot are expiring in 2026. In the coming months, Microsoft will be rolling out updated Secure Boot certificates needed to ensure a secure startup environment of Windows. IT-managed environments must take action to ensure their systems remain secure and serviceable. This post outlines what enterprise IT admins need to know and do.

When will this happen:
- Microsoft UEFI CA 2011 and Microsoft KEK CA 2011 expire in June 2026.
- Microsoft Windows Production PCA 2011 expires in October 2026.
- Microsoft is rolling out updated certificates now via Windows Update to home users, businesses, and schools with devices that have updates managed by Microsoft.

Without updated certificates, Secure Boot-enabled systems may:
- Fail to receive future security updates.
- Be unable to validate new boot components.
- Face increased risk from boot-level vulnerabilities.

What you need to do to prepare:
- Check with your OEM for the latest available firmware updates. These updates ensure your device’s Secure Boot configuration can accept new certificates.
- Review the KB articles and blog post listed below.

Get familiar with the update paths available:
- Opt in to Microsoft-managed updates by enabling diagnostic data and setting the registry key MicrosoftUpdateManagedOptIn.
- Follow manual update steps for DB and KEK using published Microsoft guidance.
- Plan for future partially automated solutions that Microsoft will release to support self-service deployments.