Microsoft has clarified that the June 24 Secure Boot certificate deadline is not a hard cutoff that will suddenly stop Windows PCs from booting. The date is important, but it mainly relates to the delivery of a Secure Boot Key Exchange Key. Users and IT administrators still need to update their certificates, especially before October 2026, but Microsoft says the situation is not as severe as some earlier warnings suggested.
Secure Boot helps protect Windows PCs by making sure trusted boot components load before the operating system starts. Microsoft has been updating the certificates used by Secure Boot because older ones are expiring. If those certificates are not updated, some systems may lose important protections or run into boot problems later, especially when Secure Boot is enabled after being disabled.
The good news is that June 24 is not the day affected PCs suddenly become unusable. Microsoft says there is no end date where the registry key and update stop working. The company also expects to keep delivering boot managers until October because another key remains valid until then.
The June 24 date is important, but it is not the final deadline
The June 24 deadline is tied to the Key Exchange Key used by Secure Boot. A second certificate, known as the DB Key, is expected to remain valid until October 2026. That gives Microsoft more time to deliver boot managers and gives users more time to update their systems properly.
Still, delaying the update is not ideal. Systems that do not receive the latest Secure Boot certificates may stop getting new DBX blacklist updates. These blacklists block known dangerous or faulty bootloaders, so missing them weakens one of Secure Boot’s main protections.
| Secure Boot detail | What users should know |
|---|---|
| June 24 deadline | Not a hard boot failure date |
| Main affected item | Key Exchange Key |
| Second key deadline | October 2026 |
| Risk after June | Some systems may stop receiving new DBX blacklist updates |
| Secure Boot disabled PCs | May need manual certificate updates before enabling Secure Boot |
| Windows 10 and 11 | Both use the same Secure Boot update process |
| Best action | Check certificate status and update sooner rather than later |
The message is simple: your PC is not expected to brick on June 24, but ignoring the update could create security or boot issues later.
PCs with Secure Boot disabled need extra care
Microsoft also clarified what happens on systems where Secure Boot is currently disabled. If Secure Boot is off, Windows cannot update the necessary Secure Boot certificates automatically.
That may not matter if you keep Secure Boot disabled. But if you later decide to turn it on, your PC may fail to start if the correct certificates are missing. This is especially important for older systems, custom PCs, dual boot setups, and machines managed outside standard Windows update flows.
Before enabling Secure Boot on a system where it was previously disabled, Microsoft recommends manually downloading and applying the latest certificates. This helps ensure the boot manager and Secure Boot database match correctly.
Windows 10 and Windows 11 are affected in the same way
Microsoft says there is no major difference between Windows 10 and Windows 11 for these Secure Boot certificate updates. Windows 10 systems that continue receiving updates through Extended Security Updates will also receive relevant Secure Boot patches.
The main difference is that some older Windows 10 PCs may not have shipped with Secure Boot enabled by default. Some systems may also use configurations that do not send enough telemetry data to Microsoft, which can make automatic detection harder.
That is why checking the certificate status matters. Microsoft has provided an indicator tool that can show whether a system has received the updated Secure Boot certificates.
Most users should update now instead of waiting
This is not an emergency for every home PC, but it is still something users should not ignore. Secure Boot is part of the chain that protects Windows before the operating system fully loads. If its certificate database becomes outdated, your PC may become less protected against boot level threats.
For home users, the safest approach is to keep Windows updated and check whether Secure Boot certificates are current. For IT administrators, the update deserves more attention because large fleets may include older systems, disabled Secure Boot states, or unusual firmware configurations.
The important point is that June 24 is not the end of the road. Microsoft has clarified that affected PCs should not suddenly fail on that date. But the certificate transition is real, and October 2026 remains the more important long term marker.
Updating now is the practical move. It avoids future boot issues, keeps Secure Boot protections current, and reduces the chance of problems if you enable or rely on Secure Boot later.
Discussion (0)
Be the first to comment.