According to the tech giant, most users and businesses that have enabled automatic updates will receive the new certificates through the regular Windows update process, while specialized systems, such as certain server or IoT devices, will require a different update process.“For a fraction of devices, a separate firmware update from the device manufacturer may be required before the system can apply the new Secure Boot certificates delivered via Windows Update. To prepare, we recommend that customers check their OEM support pages to ensure they have the latest firmware updates,” Microsoft notes.Systems that will not receive the refreshed Secure Boot certificates before the old ones expire will continue to work normally but may not receive future boot-level protections, the tech giant says.“As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware or Secure Boot–dependent software may fail to load,” it explains.Systems running Windows 10 and older OS versions are no longer supported and will not receive the new certificates, unless they have been enrolled in Extended Security Updates, Microsoft points out.Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
“For a fraction of devices, a separate firmware update from the device manufacturer may be required before the system can apply the new Secure Boot certificates delivered via Windows Update. To prepare, we recommend that customers check their OEM support pages to ensure they have the latest firmware updates,” Microsoft notes.Systems that will not receive the refreshed Secure Boot certificates before the old ones expire will continue to work normally but may not receive future boot-level protections, the tech giant says.“As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware or Secure Boot–dependent software may fail to load,” it explains.Systems running Windows 10 and older OS versions are no longer supported and will not receive the new certificates, unless they have been enrolled in Extended Security Updates, Microsoft points out.Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Systems that will not receive the refreshed Secure Boot certificates before the old ones expire will continue to work normally but may not receive future boot-level protections, the tech giant says.“As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware or Secure Boot–dependent software may fail to load,” it explains.Systems running Windows 10 and older OS versions are no longer supported and will not receive the new certificates, unless they have been enrolled in Extended Security Updates, Microsoft points out.Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
“As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware or Secure Boot–dependent software may fail to load,” it explains.Systems running Windows 10 and older OS versions are no longer supported and will not receive the new certificates, unless they have been enrolled in Extended Security Updates, Microsoft points out.Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Systems running Windows 10 and older OS versions are no longer supported and will not receive the new certificates, unless they have been enrolled in Extended Security Updates, Microsoft points out.Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Organizations are encouraged to evaluate their systems as part of deployment planning, ensure that systems are validated for updates, and implement certificate monitoring tools. They should also ensure that devices are running the latest available Windows updates and firmware versions.“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
“We’re rolling out these new certificates in collaboration with our ecosystem partners in a careful, phased approach informed by broad testing, staged data-based rollout and coordination with device manufacturers. Even so, given the diversity of device models, firmware versions and usage scenarios, a limited number of devices may require additional support during the update process,” Microsoft notes.Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Related:6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 UpdatesRelated:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Related:Microsoft Moves Closer to Disabling NTLMRelated:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Related:Microsoft Patches Office Zero-Day Likely Exploited in Targeted AttacksRelated:Microsoft Names New Operating CISOs in Strategic Move to Strengthen Cyberdefense
Source: SecurityWeek
