On February 10, 2026, Microsoft will roll out a plan to rotate the Windows Secure Boot certificate, replacing the old ones that have been in operation since 2011. This strategic move is designed to thwart malicious software attacks, particularly those from Rootkits, and to bolster the security of system boot processes. The new certificates have already been seamlessly integrated into the monthly updates for Windows 11 and compatible systems. Users who have enabled automatic updates need not take any manual steps.

OEMs like Dell, HP, and Lenovo are concurrently working on firmware and hardware adaptations to align with this change. Devices shipped in 2025 will come pre-loaded with the new certificates. Should devices fail to complete the update before the certificate's expiration in June 2026, they will still be capable of booting and running existing software as usual. However, they will enter a 'security downgrade' mode, losing the stringent verification capabilities for boot loaders and thus becoming highly susceptible to attacks.

It's important to note that this update pertains only to Windows versions that are within the official support lifecycle. Microsoft strongly advises users to upgrade their systems or hardware in a timely fashion to maintain optimal security.