Microsoft is warning users that Secure Boot certificates will expire in June 2026. The expiry also affects Windows 11. Secure Boot is a security feature that runs during booting, and its certificates need to be updated to avoid problems or security vulnerabilities.
As Windows 10 approaches its end, and amid an emerging coalition against Microsoft, users of the operating system are encountering a new issue. The expiration of Secure Boot certificates is set for June 2026, which will also affect Windows 11. Unfortunately, one of the consequences is that the PC may ultimately refuse to boot.
Here’s why your Windows 10 PC might refuse to boot
For personal PCs managed by Microsoft, the transition will happen automatically via Windows Update, requiring no action from users. For enterprise users, their IT department will be responsible for managing the replacement of certificates.
The situation is particularly complicated for Windows 10 users whose support ends on October 14, 2025, with a possible one-year extension. It’s worth noting that Windows 11 has become significantly more popular due to the diminishing support for its predecessor, following one of its last updates.
However, for Windows 10 users, the only solution is to subscribe to the paid security extension program to receive new certificates or migrate to Windows 11. While failing to update the Secure Boot certificates won’t outright prevent the PC from booting, Microsoft warns: “The user’s PC will gradually stop receiving certain security updates.” This includes fixes for the boot manager and secure boot components.
This situation makes PCs running Windows 10 vulnerable to “BootKits that can take full control of the PC.” Bootkits are malware that infects the PC deeply at boot time.
PCs running Windows 10 LTSC that do not have the new certificates will not automatically receive them during the update to Windows 11 LTSC. It’s also important to note that, according to Microsoft, if the firmware is reset to default values on a previously updated PC, Secure Boot may entirely block the boot process. Recovery will then require “reapplying the 2023 certificate to the firmware database via the recovery application,” which necessitates a USB drive.
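To see where a given PC stands, the following PowerShell check (an added example, not code from Microsoft or from this article) reports whether the 2023 certificates are present in the active Secure Boot databases and in the factory defaults that a firmware reset restores. The certificate names and the function names are assumptions not stated in the article; the script needs an elevated session on a UEFI system.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI PC.
# Assumption: the 2023 CA names below are not given in the article.
$expected = [ordered]@{
    db  = @('Windows UEFI CA 2023', 'Microsoft UEFI CA 2023')
    KEK = @('Microsoft Corporation KEK 2K CA 2023')
}

function Get-SecureBootVariableText {
    param([Parameter(Mandatory)][string]$Name)
    try {
        $var = Get-SecureBootUEFI -Name $Name -ErrorAction Stop
        # Certificate subject names are stored as plain ASCII inside the
        # DER-encoded entries, so a text search over the raw bytes finds them.
        [System.Text.Encoding]::ASCII.GetString($var.Bytes)
    } catch {
        $null   # variable missing, not a UEFI system, or session not elevated
    }
}

function Test-SecureBoot2023Certificates {
    foreach ($store in $expected.Keys) {
        # Check the active store and the factory store used after a firmware reset.
        foreach ($name in @($store, "${store}Default")) {
            $text = Get-SecureBootVariableText -Name $name
            foreach ($cert in $expected[$store]) {
                $present = if ($null -eq $text) { 'unreadable' } else { $text.Contains($cert) }
                [pscustomobject]@{
                    Variable    = $name
                    Certificate = $cert
                    Present     = $present
                }
            }
        }
    }
}

try { "Secure Boot enabled: $(Confirm-SecureBootUEFI -ErrorAction Stop)" }
catch { "Secure Boot state unavailable: $($_.Exception.Message)" }

Test-SecureBoot2023Certificates | Format-Table -AutoSize
```

A row that shows `True` for `db` but `False` for `dbDefault` marks a PC whose firmware defaults predate the 2023 certificates, which is the reset scenario described above.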
Source: Microsoft




