A looming expiration of Secure Boot certificates, set to begin in June, could disrupt the functionality of "most Windows devices" if users fail to act, Microsoft has warned. The tech giant has issued an update, with details refined as of May 18, urging users to refresh their certificates in advance to avert potential boot failures. The company stated that devices not updated in time "might affect the ability of certain personal and business devices to boot securely."
The core issue revolves around expiring Secure Boot certificates, a critical component for secure device startup. Microsoft's latest update aims to pre-emptively address this by refreshing these certificates. Following the update, users may experience a "one-time restart" to implement the new certificates.
In parallel with this critical update, Microsoft has quietly introduced a new folder on all Windows PCs containing scripts. This addition, noted in an update on May 18, is described as facilitating "centralized Secure Boot deployment" and is intended primarily for "IT admins and system admins to automate the installations," and to "monitor and keep track of the Secure Boot update status." While this functionality is geared towards enterprise management through tools like Group Policy Object (GPO) deployment, the folder and its scripts are being distributed to all users, including those on Windows 11 Home.
Read More: NestJS 12 update features ESM migration and new tools in May 2026
Separately, Microsoft has acknowledged "patching issues in restricted Windows networks," though this concern is currently marked as low priority.
The Secure Boot feature is designed to ensure that only trusted software, initiated by the hardware manufacturer during the startup process, can run when a device is turned on. This measure is intended to protect the system from malware that might attempt to load before the operating system has booted.
