Microsoft to Roll Out Second Phase of Secure Boot Certificate Update for 1.6 Billion Windows Devices in May

• May 3, 2026

Microsoft is set to launch the second phase of its Secure Boot certificate update in May, covering approximately 1.6 billion devices running Windows 10 and Windows 11 worldwide. This initiative aims to reinforce the integrity of device security amid expiring root certificates that have remained unchanged since 2011.

Expiring Secure Boot Certificates Prompt Critical Update

Secure Boot is a critical security feature in modern Windows operating systems designed to prevent unauthorized firmware, operating systems, or bootloaders from loading during the startup process. Core root certificates used by Secure Boot, which have not been updated for over a decade, are approaching expiration starting in June. Without this update, the effectiveness of Secure Boot protection on affected devices could be compromised.

The forthcoming update will involve new Secure Boot certificates being deployed sequentially across Windows platforms. Windows 10 devices will receive the update beginning May 13, while Windows 11 devices are scheduled for May 16. This staggered rollout is intended to ensure a smooth transition and accommodate the vast user base.

In addition to the backend certificate refresh, Microsoft will introduce visual indicators within the Windows Security application to notify users of the status of their Secure Boot certificates. This will include yellow and red warning prompts alerting users if their devices’ security certificates are nearing expiration or have expired. These alerts aim to raise awareness and encourage users to stay up to date with critical security components.

Maintaining updated Secure Boot certificates is essential for ensuring devices can reliably verify firmware and bootloader authenticity, helping to guard against low-level malware and sophisticated cyberattacks. This update reflects Microsoft’s ongoing commitment to enhancing device security for the extensive Windows user ecosystem.

Details regarding the update process or user actions required were not specifically disclosed. However, the phased nature of the rollout and integrated security warnings within the system indicate Microsoft’s focus on minimizing disruption while maintaining robust protection standards.

The update is a reminder of the complex security infrastructures underpinning widespread operating systems and the necessity for periodic maintenance to safeguard modern computing environments.

Microsoft begins second stage of Secure Boot certificate updates in May, impacting 1.6 billion Windows 10 and 11 devices with new security warnings.