Windows Secure Boot Certificate Expired in June, Microsoft Issues Warning

Microsoft has issued an urgent warning to Windows users about an impending security certificate expiration that could significantly impact device functionality.

The tech giant announced that Secure Boot certificates used by most Windows devices are scheduled to expire starting in June 2026, potentially affecting the ability of personal and business computers to boot securely if not properly updated.

The announcement came alongside the release of an out-of-band update (KB5064489) on July 13, 2025, designed to address immediate security concerns and prepare systems for the upcoming certificate transition.

This critical update carries the OS Build number 26100.4656 and includes essential quality improvements to ensure system stability.

Understanding the Impact

Secure Boot is a fundamental security feature that helps prevent malicious software from loading during the computer startup process.

When these certificates expire, affected devices may encounter boot failures or security vulnerabilities, potentially leaving systems exposed to malware attacks.

The expiration affects a broad range of devices, from personal computers to enterprise-level business systems.

Microsoft strongly recommends that users and IT administrators review the provided guidance and take proactive steps to update certificates well in advance of the June 2026 deadline.

The company has published detailed preparation steps to help users navigate the certificate renewal process smoothly.

Critical System Fixes

The newly released update addresses several significant issues beyond certificate preparation. Most notably, it resolves a problem that prevented certain Azure Virtual Machines from starting when Virtualization-Based Security (VBS) was enabled.

This issue specifically affected VMs using version 8.0 where VBS was offered by the host, particularly impacting standard General Enterprise (GE) VMs running on older VM SKUs in Azure environments.

The root cause was identified as a secure kernel initialization issue that disrupted the normal boot sequence. This fix is particularly crucial for businesses relying on Azure’s cloud infrastructure for their operations.

The update is cumulative, incorporating security fixes and improvements from the July 8, 2025, security update (KB5062553).

It also includes a Windows 11 servicing stack update (KB5063666) that enhances the component responsible for installing Windows updates, ensuring more robust and reliable update installation processes.

Microsoft has confirmed that no known issues currently exist with this update, indicating thorough testing before release.

Users can obtain the update through standard Windows Update channels, the Microsoft Update Catalog, or Windows Server Update Services.

Given the critical nature of both the certificate expiration and the system vulnerabilities addressed, Microsoft urges all Windows users to install this update immediately.

Organizations should prioritize testing and deployment across their networks to prevent potential disruptions to business operations when the certificate expiration deadline approaches.

Stay Updated on Daily Cybersecurity News . Follow us on Google News, LinkedIn, and X.