Best practices for deploying Secure Boot certificate updates
🚨 The Signal: Microsoft is reminding organizations to update Secure Boot certificates before June 2026 expirations. Failure to update could compromise device integrity and trust, impacting the platform root of trust.
The Impact
All Windows device administrators are affected, facing a risk of weakened device integrity and potential non-compliance if certificates are not updated.
- System administrators: Risk of compromised device integrity if certificates expire.
- Security teams: Risk of non-compliance with ISM controls for system trustworthiness.
- IT operations: Increased workload for firmware and OS patching across device fleets.
The Action
- Ensure all Windows devices are kept up to date with the latest Windows updates.
- Verify that the latest firmware version is installed on all devices.
- Consult OEM support pages for specific firmware update instructions and resources.
- Attend Microsoft's Secure Boot Office Hours for virtualized environments on July 8 for guidance.
- Attend Microsoft's OEM Secure Boot Office Hours on July 15 for vendor-specific information.
Domain: Other · Impact: high · Workload: Other · Essential Eight: Patch Operating Systems · ISM: ISM-1407, ISM-1501, ISM-1621, ISM-1622, ISM-1623, ISM-1654, ISM-1655, ISM-1694, ISM-1695, ISM-1696, ISM-1701, ISM-1702, ISM-1877, ISM-1889, ISM-1902