May 13, 2026 Microsoft is rolling out a major change to Windows security that will affect most PCs, requiring new Secure Boot certificates to be installed ahead of a June expiration deadline. It marks the first time the original certificates issued in 2011 will expire, meaning devices must be updated to continue verifying trusted software during startup.
The company says the update is necessary to maintain the integrity of the Secure Boot process, which ensures that only trusted operating system components load during boot. “Updating the Secure Boot certificates originally issued in 2011” is intended to keep Windows devices aligned with current security standards, according to Microsoft.
For newer machines, the transition is largely invisible. PCs purchased within the last two years are typically already running updated certificates. For older systems, the changes are being delivered through standard monthly Windows security updates, with many devices receiving them in April or May.
However, the rollout is not entirely seamless. Microsoft has warned that some users will experience an additional restart during installation as part of the certificate update process. The Windows Security app will also flag systems that require action, displaying warnings where Secure Boot updates have not been applied before the deadline.
A key limitation is eligibility. Only devices still receiving official Windows security updates will get the new certificates. That leaves a large portion of older machines, particularly those running unsupported versions of Windows 10, outside the update path. Microsoft is directing affected users toward its Extended Security Update (ESU) program to maintain protection beyond standard support.
The certificate transition comes at a time when broader questions about Windows architecture are resurfacing. Reports indicate that legacy code dating back decades still underpins parts of modern releases like Windows 11, prompting criticism around performance and system design. Microsoft has responded by introducing measures such as a “Low Latency Profile” aimed at improving responsiveness, even as some users question whether techniques like temporary CPU boosts mask deeper inefficiencies.
At the same time, competitive pressure is building. Google is positioning its ChromeOS ecosystem as an alternative for aging Windows devices, recently introducing a new category of AI-focused laptops built around its Gemini platform. The company is working with major hardware partners including Acer, ASUS, Dell, HP, and Lenovo to bring these devices to market.
This timing is significant. Millions of Windows 10 systems are approaching an October 14, 2026 end-of-support deadline, after which they will no longer receive updates. For users with older hardware that may not qualify for Windows 11, alternatives like ChromeOS-based devices could become more attractive.
