Windows Secure Boot Certificate Expiry Puts Billions of PCs at Security Risk
ID: a03aa06c-db59-5d2a-b5b2-90b6e6a6f883
STIX ID: report--a03aa06c-db59-5d2a-b5b2-90b6e6a6f883
Feed Name: Cyber Press
Microsoft’s 2011 Secure Boot certificate chain is expiring (KEK CA 2011 expired June 24, 2026; UEFI CA 2011 expires June 27, 2026; Windows Production PCA 2011 expires October 19, 2026), and organizations must urgently transition firmware trust to the 2023 replacement certificates or risk permanently losing access to future Secure Boot protections, DB/DBX updates and mitigations. The advisory affects a broad installed base (Windows 10/11, multiple Windows Server releases and third-party-signed Linux boot components), warns of increased exposure to bootkits and early-boot malware, and recommends applying OEM firmware updates and deploying Microsoft’s certificate updates via Intune/Group Policy/Autopatch and verifying the transition status.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
