Microsoft is keeping Secure Boot alive with Windows updates
Jess is a news writer focused on creative industries, computing, and internet culture. She started her career at TechRadar, covering news and hardware reviews.
Microsoft is automatically replacing boot-level security certificates on Windows devices before they start expiring later this year. The new Secure Boot certificates will be rolled out as part of the regular Windows platform updates, according to Microsoft’s announcement blog, marking a “generational refresh” of the security standard.
Secure Boot was introduced in 2011 to protect systems from any unauthorized changes during the boot process, later becoming one of Windows 11’s hardware requirements. After 15 years, those 2011 Secure Boot certificates are now set to expire between June 2026 and October 2026. A new batch of certificates was issued in 2023 and already shipped with many new Windows-based devices sold since 2024, but older PC hardware will need to be updated.
“As cryptographic security evolves, certificates and keys must be periodically refreshed to maintain strong protection,” Microsoft’s Nuno Costa said in the announcement blog. “Retiring old certificates and introducing new ones is a standard industry practice that helps prevent aging credentials from becoming a weak point and keeps platforms aligned with modern security expectations.”
Costa says that while PCs will “continue to function normally” on an expired certificate, they will enter into a “degraded security state” that could limit future boot-level security updates, and may experience compatibility issues with future hardware or software. New Secure Boot certificates started rolling out with the Windows 11 KB5074109 update last month.
The new certificates will be installed automatically and require no additional action for the vast majority of Windows 11 users. Microsoft says that some specialized systems like server or IoT devices may follow different update processes, and that a separate firmware update from third-party manufacturers may be required for “a fraction of devices.” Check OEM support pages for more information. Windows 10 users will also need to enroll in Microsoft’s Extended Security Updates to receive the new certificates.
