Microsoft is set to implement major updates to its Secure Boot system, with the expiration of Secure Boot certificates occurring for the first time in June. Secure Boot is a crucial Windows feature that ensures each driver is signed by a valid certificate at startup. This system is essential for protecting enterprise networks from threats like firmware attacks and ransomware.
Secure Boot is integrated into the UEFI firmware standard, which succeeded the BIOS model in modern computers. This feature was first introduced in 2011, and until now, Secure Boot has relied on certificates from that year. However, beginning on June 27, these certificates will start expiring, meaning that while devices will continue to operate, they will no longer receive critical security updates for the boot process. This includes new protections for Windows Boot Manager, updates to the Secure Boot database, and updates to revocation lists for malicious software.
For desktop users, the fix is straightforward—a simple Windows Update along with a new UEFI firmware upgrade. However, for Windows Server users, the process is more complicated due to the need for manual updates. Administrators will have to execute PowerShell commands, check registry keys, validate firmware, and monitor deployments across their server environments.
Some systems might not support automatic certificate updates due to hardware or firmware limitations, creating challenges for those running unsupported devices. For such systems, replacing obsolete hardware might be the only viable solution.
Additionally, Microsoft is collaborating closely with major hardware OEMs, like HPE, Dell, and Lenovo, to ensure that updates are available so that systems can accept the new certificates.
For resources regarding the certificate upgrade, Microsoft offers:
- Secure Boot Guidance
- Secure Boot Playbook for Clients
- Windows Server Secure Boot Playbook
- Secure Boot Status Report in Windows Autopatch
As these changes loom, enterprises must prioritize this update to maintain device integrity and safeguard against emerging threats.