Millions of Windows PCs Must Apply Secure Boot Update Before June 2026 to Prevent Boot Failures
What Happened — Microsoft disclosed that Secure Boot certificates issued in 2011 will expire in June 2026. Any Windows device that has not installed the 2023 Secure Boot firmware update will be unable to validate the expired certificates and could fail to boot once the deadline passes.
Why It Matters for TPRM —
- Unpatched endpoints may experience sudden service disruption, jeopardizing business continuity.
- Boot‑failure incidents can trigger costly recovery efforts and breaches of service‑level agreements with customers.
- Vendors that manage Windows fleets (MSPs, OEMs, internal IT) must verify compliance to avoid non‑conformance findings.
Who Is Affected — All sectors that deploy Windows PCs, including technology, finance, healthcare, manufacturing, government, and education.
Recommended Actions —
- Conduct an inventory of Windows devices and query the Secure Boot version via PowerShell or OEM tools.
- Deploy the 2023 Secure Boot update through Windows Update, WSUS, or OEM firmware patches.
- Embed the Secure Boot verification step into regular patch‑management and third‑party risk audit processes.
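One way to carry out the PowerShell check from the list above, as an added example that is not from Microsoft or the source article: it reports whether Secure Boot is enabled and whether the firmware's db and KEK variables already hold 2023 certificates. The certificate subject names and the function names are assumptions; confirm the names against Microsoft's current guidance before relying on the result.

```powershell
# Added example: per-device Secure Boot certificate inventory record.
# Run in an elevated PowerShell session on the endpoint being audited.
# Assumption: these subject names identify the 2023 replacement certificates.
$Expected = @{
    db  = @('Windows UEFI CA 2023')
    KEK = @('Microsoft Corporation KEK 2K CA 2023')
}

function Test-SecureBootVariable {
    param([string]$Name, [string[]]$Subjects)
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name -ErrorAction Stop).Bytes
    } catch {
        return $null   # unreadable: legacy BIOS, not elevated, or variable absent
    }
    # Certificate subject names are stored as readable text inside the
    # signature list, so a substring match is enough for an inventory check.
    $text = [System.Text.Encoding]::ASCII.GetString($bytes)
    foreach ($subject in $Subjects) {
        if ($text -notmatch [regex]::Escape($subject)) { return $false }
    }
    return $true
}

function Get-SecureBootCertStatus {
    $enabled = $null
    try { $enabled = Confirm-SecureBootUEFI -ErrorAction Stop } catch { }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = $enabled   # $null means not UEFI or not elevated
        Db2023Present     = Test-SecureBootVariable -Name db  -Subjects $Expected.db
        Kek2023Present    = Test-SecureBootVariable -Name KEK -Subjects $Expected.KEK
        CheckedUtc        = (Get-Date).ToUniversalTime().ToString('s')
    }
}

# Emit one record; pipe to Export-Csv or ConvertTo-Json for audit evidence.
Get-SecureBootCertStatus
```

A `$null` in any column means the device could not be assessed and should be followed up manually rather than counted as compliant.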
Technical Notes — The issue stems from the expiration of embedded Secure Boot certificates in UEFI firmware; no CVE or exploit is involved. The impact is limited to boot integrity, not data exfiltration. Source: TechRepublic Security