Impending Expiration of Windows Secure Boot Certificates: What You Need to Know
Windows Secure Boot certificates start expiring June 24
Image: Notebookcheck
Starting June 24, 2023, Secure Boot certificates from 2011 will begin to expire, affecting boot security on Windows PCs. While devices will still boot normally, they will lose access to future boot-level security updates, posing risks to systems, especially those running older hardware or unsupported versions of Windows 10.
- 01Three key Secure Boot certificates will expire: Microsoft Corporation KEK CA 2011 on June 24, Microsoft UEFI CA 2011 on June 27, and Microsoft Windows Production PCA 2011 on October 19.
- 02Devices with expired certificates will continue to boot but will not receive updates for new boot-layer vulnerabilities, increasing security risks.
- 03Windows 11 users on supported builds will receive automatic updates, while older Windows 10 users may face challenges in obtaining the new certificates.
- 04To check the Secure Boot status, users can access Windows Security and navigate to Device Security.
- 05Older hardware may require firmware updates from manufacturers to support the new certificate chain, which may not be available for all devices.
Advertisement
In-Article Ad
Starting June 24, 2023, three Secure Boot certificates from 2011 will begin to expire, affecting the boot security of many Windows PCs. The first to expire is the Microsoft Corporation KEK CA 2011, followed by the Microsoft UEFI CA 2011 on June 27, and the most critical, the Microsoft Windows Production PCA 2011, on October 19. While devices will continue to boot normally, they will lose the ability to receive future boot-level security patches, exposing them to potential vulnerabilities, especially from exploits like BlackLotus. Windows 11 users on supported builds will receive automatic updates, but users of older hardware and unsupported Windows 10 systems may face difficulties. Those on Windows 10 outside the Extended Security Updates program will not receive the new certificates. Users can check their Secure Boot status through Windows Security. For devices requiring firmware updates, contacting OEM support may be necessary if the 2023 certificates do not appear after applying the latest updates.
Advertisement
In-Article Ad
The expiration of these certificates could leave older Windows PCs vulnerable to boot-level exploits, which may affect users' data security and system integrity.
Advertisement
In-Article Ad
Reader Poll
Are you concerned about the expiration of Secure Boot certificates?
Connecting to poll...
Read the original article
Visit the source for the complete story.