February 18, 2026 Microsoft is rolling out new Secure Boot certificates ahead of a June 2026 expiration. Devices still running unsupported versions of Windows, including most Windows 10 machines without Extended Security Updates, will not receive the new certificates.
The change comes months after Windows 10 officially reached end of support in October 2025, meaning many systems are already operating without routine security patches. Without the updated certificates, those devices could face an additional security gap tied to how Windows verifies trusted software at startup.
Secure Boot is a core security mechanism that ensures a computer only loads trusted firmware and operating system components during startup. The older certificates, issued in 2011, are nearing the end of their lifecycle, prompting Microsoft to distribute replacements through Windows updates on supported systems.
However, that update path does not apply universally. Microsoft has said unsupported operating systems will not receive the new certificates, effectively excluding Windows 10 devices that have not enrolled in Extended Security Updates. That could leave millions of aging PCs with weakened boot-level protections once the legacy certificates expire.
The Extended Security Updates (ESU) program offers a temporary workaround, extending protections into 2026 for eligible users. But systems outside that program will miss both ongoing patches and the certificate refresh, compounding their vulnerability as attackers increasingly target older platforms.
The development highlights a broader transition underway in the Windows ecosystem. As Microsoft accelerates the shift to newer operating systems, legacy machines risk falling further behind on foundational security layers – not just feature updates, but low-level protections that underpin modern device trust models.
For consumers and organizations still relying on older hardware, the clock is ticking. As Secure Boot certificates age out, the divide between supported and unsupported Windows systems is poised to become a tangible security risk.
