Microsoft warns of 2026 Secure Boot certificate expiry that may affect older PCs

InsightsWire News2026

Microsoft has issued a broad alert that a set of Secure Boot trust certificates will reach end-of-life in 2026, creating a practical deadline for firmware and platform updates. The certificates form part of the cryptographic chain used at system startup to validate OS and driver signatures; when those credentials expire, systems that depend on them can no longer verify new signed images unless replacement certificates are installed. Microsoft and major OEMs have cataloged which models and firmware revisions already include the refreshed credentials and which will need an update, and many devices manufactured in the most recent windows-era shipments already carry the new trust anchors. Administrators can inspect firmware settings to determine whether a system’s default certificate store contains the updated keys, a distinction that determines whether a simple BIOS reset will affect boot validation. For devices that lack the new certificates baked into firmware, vendors are offering BIOS updates or packaged delivery through system management utilities and Windows Update channels. Home users who cannot apply firmware revisions are being directed to vendor support and Microsoft customer service for remediation guidance. From an operational perspective, enterprises must treat the upcoming expiry as a scheduled infrastructure risk: unmanaged endpoints, remote workers, and legacy fleet segments are the most exposed. The technical remediation pathway is straightforward in principle—deploy updated firmware or install replacement certificate entries—but scale and validation across heterogeneous inventories are nontrivial. Organizations should inventory devices, test updates in controlled groups, and adjust imaging and deployment pipelines to include the new trust material. Failure to plan could produce uneven availability as some machines reject newer platform code or updates after the expiration threshold. The window for safe, automated remediation exists now, but it narrows as the expiry date approaches and as supply-chain or IT bandwidth constraints slow rollouts. Ultimately, the episode underlines that foundational cryptographic elements of modern PCs require lifecycle management similar to software patches: they must be tracked, tested, and refreshed before they expire to preserve seamless operation.

PREMIUM ANALYSIS

Read Our Expert Analysis

Create an account or login for free to unlock our expert analysis and key takeaways for this development.

By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.

Free Access

No Payment Needed

Join Thousands of Readers

Recommended for you

Cybersecurity

Microsoft to Ship Windows with NTLM Blocked by Default, Pressing Enterprises to Migrate to Kerberos (US)

Microsoft will ship upcoming Windows Server and Windows 11 releases with NTLM network authentication blocked by default and new telemetry to reveal remaining dependencies. The urgency of the change is heightened by recent releases of precomputed tables that dramatically shorten the time to recover NTLMv1-protected credentials, increasing the risk profile for organizations that continue to accept legacy negotiations.

Cybersecurity

Microsoft pushes urgent Office patch for a newly exploited zero-day used in targeted intrusions

Microsoft released fixes for CVE-2026-21509 after detecting active exploitation that undermines Office protections; mitigations and patches cover major supported Office builds and CISA has flagged the flaw for immediate remediation. The vulnerability appears to be leveraged in focused operations requiring user interaction and complex exploit chains, elevating the priority for high-value targets to deploy updates quickly.

Cybersecurity

CISA orders federal agencies to inventory, patch and phase out unsupported edge devices

CISA has issued a binding directive requiring federal civilian agencies to identify, upgrade and remove internet-exposed edge devices that no longer receive vendor security updates, citing active exploitation by advanced threat actors. Agencies have staged deadlines — three months to inventory, 12 months to start removals and 18 months to finish decommissioning — with continuous monitoring required thereafter.

Cybersecurity

CERT-In alerts users to high-risk flaws in Apple Pages/Keynote and Google Chrome; apply patches now

India’s national cybersecurity agency has identified exploitable vulnerabilities in Apple Pages/Keynote and Google’s desktop Chrome that could allow data disclosure or remote code execution. Vendors issued fixes in late January 2026; organisations should prioritise deploying those updates immediately and treat them in the context of a broader trend of vendor emergency patches for document- and API-handling flaws.

Cybersecurity

Intel and Google uncover critical flaws in TDX after joint security review

A joint security review by Google and Intel found multiple vulnerabilities and dozens of bugs in Intel's Trust Domain Extensions (TDX), including a flaw enabling full compromise of a protected virtual machine during migration. Intel has issued patches and published an advisory after an extensive technical report and five months of collaborative analysis.

Cybersecurity

White House Revokes Prior Software Security Mandates, Shifts Risk Authority to Agencies

The Office of Management and Budget issued memorandum M-26-05, rescinding earlier centralized software security directives and returning responsibility for software and hardware security policy to individual agency leaders. The guidance encourages agency-specific, risk-based controls and expands attention to hardware supply chain risks while making previous attestations and component inventories optional rather than mandatory.

Markets & Economy

Intel warns memory shortage will persist through 2028

Intel’s CEO says global memory shortages will likely last until 2028, and rising AI-driven demand is already provoking supplier reallocations that squeeze consumer and midrange products. The combination of prolonged tightness and targeted wafer starts for high‑performance DRAM and HBM will keep prices elevated and complicate procurement for OEMs, cloud operators and smaller system integrators.

Cybersecurity

Compromised eScan Update Server Delivered Multi-Stage Malware to Users

Security researchers found that attackers pushed a malicious update through an official eScan update server on January 20, 2026, installing a multi-stage infection on both consumer and enterprise endpoints. eScan isolated affected servers, took them offline for over eight hours, and issued a manual cleanup utility while disputing aspects of the public disclosure.