Microsoft will start refreshing Secure Boot certificates in March for Windows 11 and Windows 10 ESU users
Source: Engadget
Overview
Microsoft announced that it will refresh Secure Boot certificates in March. The original certificates were introduced when Secure Boot debuted in 2011. Secure Boot protects systems from running unsigned and potentially malicious code before Windows launches and is a requirement for Windows 11. It is also used by anti‑cheat software in games such as Valorant, Call of Duty: Black Ops 6/7, and Battlefield 6.
Impact of the Refresh
- Degraded security state – Systems without the new certificates will continue to function, but they will enter a degraded security state that limits future boot‑level protections. This means reduced protection against malware and viruses targeting older Windows versions.
- Eligibility – The new certificates are only being rolled out to:
  - Windows 11 systems
  - Windows 10 PCs that are subscribed to Microsoft’s Extended Security Updates (ESU)
Unsupported Windows versions will not receive the new certificates.
How to Obtain the Updated Certificates
- Most users can receive the updated Secure Boot certificates automatically via Windows Update.
- Some devices may require additional firmware updates from the system or motherboard OEM.
- In the coming months, the status of your security certificates can be checked in the Windows Security app under the “Secure Boot” section.
Microsoft’s Statement
“As cryptographic security evolves, certificates and keys must be periodically refreshed to maintain strong protection,” wrote Nuno Costa, Partner Director of Windows Servicing and Delivery, in a blog post. “Retiring old certificates and introducing new ones is a standard industry practice that helps prevent aging credentials from becoming a weak point and keeps platforms aligned with modern security expectations.”
Costa added that Microsoft has been working with OEMs such as Dell and HP to ensure a smooth transition. Many new systems built in 2024 already include the updated certificates, and “almost all” devices shipped last year have them as well. Microsoft has been informing IT customers about this transition since last year.
This article originally appeared on Engadget.