
Windows PCs still relying on Secure Boot certificates issued in 2011 are at risk as those certificates expire throughout 2026, with the final batch due to expire in October.
Secure Boot acts as a security checkpoint during the boot process, verifying that drivers and software have valid digital signatures before allowing them to run. Expired certificates mean this verification cannot function correctly, potentially allowing malicious bootkits to load before the operating system starts.
What users need to check
Users can verify their status by opening Windows Security, navigating to Device Security, and checking the Secure Boot section. A green checkmark indicates the certificates are up to date. A yellow or red warning means action is needed.
“If you want a picture of the future of LLM security, imagine Whac-a-Mole meets Groundhog Day,” The Register noted in its coverage of related security research, a sentiment that applies broadly to the challenge of keeping firmware-level security current across millions of devices.
Who is affected
The issue affects PCs where the hardware vendor has not issued a firmware update incorporating the 2023 Secure Boot certificates. Unlike operating system updates, which Microsoft can push automatically, firmware updates must be provided by each PC manufacturer, Dell, Lenovo, HP, ASUS, and others, and applied by the user.
For prebuilt PCs, users should visit the manufacturer’s support page for their specific model and look for BIOS or UEFI updates that mention Secure Boot certificate updates. For custom-built PCs, motherboard manufacturers’ support pages provide the relevant downloads.
What happens if no update is available
If a manufacturer no longer supports a particular model and no firmware update is available, the options are limited. Users can continue running the PC with expired certificates, it will still boot, but it becomes progressively more vulnerable to boot-level attacks over time. Hardware upgrade or switching to an operating system that handles Secure Boot differently are the main alternatives.
The broader industry context mirrors wider discussions about firmware security lifecycle management. As the PCWorld article noted, “You’ve probably seen countless warnings lately about Windows and expiring Secure Boot certificates”, the issue has been building for months, with multiple certificate deadlines through 2026.
Sources: Your Windows PC is at risk if you’re missing these security certificates (PCWorld, June 30, 2026)

