PCWorld
Over the past few months, we’ve been reporting on a major change to the Secure Boot certificates used in Windows 11 , which are required for a secure system boot. Microsoft has repeatedly warned that Windows PCs will face serious problems from June onwards if outdated certificates are not updated in time. Microsoft has answered some outstanding questions on Secure Boot with Windows Latest and has given the all-clear on a number of points: June 24th should not be viewed as a “hard” deadline after which it will no longer be possible for affected systems to use Secure Boot. Instead, this deadline relates specifically to the delivery of a Key Exchange Key, which serves as a security key for Secure Boot. In addition, there’s a second key (the DB Key) which isn’t due to expire until October 2026. So if you haven’t received all the new Secure Boot certificates by June 24th, all is not yet lost. Microsoft expects to be able to continue delivering boot managers until October using the second key. “There is no end date where the registry key and the update stop working,” confirmed Scott Shell, who works as a Principal Software Design Engineer at Microsoft. Nevertheless, there are certain restrictions that will apply after June to all systems that haven’t updated Secure Boot. For example, your system will no longer be able to download new DBX blacklists (these contain the signatures of faulty or dangerous bootloaders that could harm your system and are therefore blocked by Windows). What if you don’t use Secure Boot? Microsoft has answered another important question: What happens to all the systems that don’t currently have Secure Boot enabled but may wish to use it in the future? If Secure Boot is disabled, Microsoft can’t update the necessary certificates. This isn’t a problem if Secure Boot stays disabled (although Secure Boot is recommended to protect your PC from threats). Shell explained that Microsoft will update the boot manager on these computers to the version signed for 2023. The boot manager itself is therefore ready for use, but the appropriate certificates are still required. If these are not available, the computer may fail to start at all. Before enabling Secure Boot for the first time, every user or system administrator must therefore ensure that the latest certificates are first downloaded manually. Microsoft has set out the exact procedure for this on this support page . Meanwhile, virtual machines hosted via the Azure cloud that use either “Secure Launch” or “Trusted Launch” will receive the new certificates automatically. In this case, you don’t need to do anything further. Are there any differences between Windows 11 and Windows 10? When asked whether there are any differences between the Secure Boot updates for Windows 10 and Windows 11, Microsoft replied in the negative. Windows 10 will continue to receive relevant security patches as part of Extended Security Updates until October, and the Secure Boot certificates are included in this. The only difference is that some older systems were not shipped with Secure Boot enabled by default or are running configurations that don’t send telemetry data to Microsoft. In this case, you will need to take some extra steps to obtain the certificates. It’s best to use the new indicator tool to check whether Secure Boot certificates are updated , then download them manually. Microsoft emphasizes: the sooner your certificates are updated, the better.
Go to News Site
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
PCWorld
9to5Mac 
Gizmodo 
GameSpot 
Bloomberg Tech 
