Critical Windows and Linux Security Deadline: June 24 Certificate Expiration
Original: A Critical Deadline Is Approaching for Windows and Linux Security
Why This Matters
Secure Boot certificate expiration creates firmware security vulnerability affecting millions of Windows and Linux systems globally, enabling persistent bootkit infections.
Microsoft-signed cryptographic certificates protecting Windows and Linux systems against UEFI firmware attacks will expire June 24, 2026. Users must update Secure Boot keys to prevent firmware-based malware infections that persist across OS reinstallations.
Three certificates that verify firmware and software signatures during system boot will expire on June 24, 2026, affecting Windows and Linux users. These Microsoft-signed certificates are central to Secure Boot, a chain-of-trust mechanism designed to verify digital signatures of all firmware loading during startup, ensuring they originate from trusted sources like motherboard manufacturers. Secure Boot protects against UEFI bootkits—malware that infects the Unified Extensible Firmware Interface and loads before operating system and antimalware protections activate. Because bootkits operate at the firmware level, they are difficult to detect and can survive OS reinstallations and disinfection attempts. Once installed, they typically load additional malware for credential theft, system backdoors, or other attacks. The threat of UEFI-based attacks has escalated since 2018, when the LoJax malware—created by Kremlin-backed APT 28—became the first known real-world UEFI attack. Researchers have documented increasing sophistication in bootkit development since the early 2000s, progressing from BIOS-level attacks to modern UEFI targeting. The expiration of these certificates creates a critical vulnerability window requiring immediate action from system administrators and users to update their Secure Boot configurations.