
Are You Risking a System Failure? Why Microsoft’s Botched Secure Boot Update Could Be a Disaster for Your PC.

Is Your PC Ready for 2026? Your Ultimate Guide to an Effortless Secure Boot Certificate Update.

Microsoft is currently rolling out updates to replace key security certificates required for the Secure Boot process on Windows devices. This is a necessary, large-scale update because the original certificates, first issued for Windows 8, are set to expire in 2026. Failure to update these certificates could prevent devices from receiving critical security updates, including fixes for the Windows Boot Manager, after October 2026.

The Critical Flaw in Microsoft’s Update Guidance

In June 2025, Microsoft published initial instructions for IT professionals to manually apply the new certificates. However, a significant error was discovered in the documentation that caused confusion and potential system issues. The instructions for a scheduled task incorrectly swapped the hexadecimal codes for applying two crucial 2023 certificates: the “Microsoft UEFI CA 2023” and the “Microsoft Option ROM CA 2023”.

This mix-up could lead to several problems:

  • The system might install the wrong certificate into the UEFI signature database (DB).
  • The update process could fail entirely, leaving the system with expiring certificates.
  • In a worst-case scenario, incorrect modifications to the Secure Boot database could lead to boot failures.
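To check for the first problem, the wrong certificate ending up in the DB, an administrator can inspect which certificates the DB actually holds. The sketch below is an added example, not Microsoft's code or part of its guidance: it walks the EFI_SIGNATURE_LIST structures in a raw copy of the `db` variable and reports which expected names are missing. The function names, the commonName heuristic and the sample bytes are assumptions made for illustration, and the two expected names are taken as written on this page.

```python
import struct
import uuid

X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # EFI_CERT_X509_GUID
CN_OID = bytes.fromhex("0603550403")  # DER for OID 2.5.4.3 (commonName)
# Names as written on this page (assumption: confirm exact subject names in Microsoft's guidance).
EXPECTED = ["Microsoft UEFI CA 2023", "Microsoft Option ROM CA 2023"]

def common_names(der):
    """Heuristic scan: every short-form commonName string in a DER blob, in order."""
    names, pos = [], der.find(CN_OID)
    while pos != -1 and pos + 7 <= len(der):
        length, start = der[pos + 6], pos + 7
        if length < 0x80:
            names.append(der[start:start + length].decode("utf-8", "replace"))
        pos = der.find(CN_OID, start)
    return names

def parse_db(blob):
    """Return the subject CN of each X.509 entry in a raw db variable."""
    subjects, off = [], 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(blob):
            raise ValueError(f"malformed signature list at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == X509_GUID:
                cns = common_names(blob[pos + 16:pos + sig_size])  # skip SignatureOwner GUID
                # Issuer CN precedes subject CN in a certificate; fall back to the only CN.
                subjects.append(cns[1] if len(cns) > 1 else cns[0] if cns else "<no CN>")
            pos += sig_size
        off += list_size
    return subjects

def missing(blob, expected=EXPECTED):
    present = parse_db(blob)
    return [name for name in expected if name not in present]

def fake_cert(issuer, subject):
    # Constructed stand-in: only two commonName attributes, not a valid X.509 certificate.
    enc = lambda s: CN_OID + b"\x0c" + bytes([len(s)]) + s.encode()
    return enc(issuer) + enc(subject)

def sig_list(cert):
    body = bytes(16) + cert  # zeroed SignatureOwner GUID followed by SignatureData
    return X509_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, len(body)) + body

SAMPLE_DB = sig_list(fake_cert("Constructed Root", "Microsoft UEFI CA 2023"))  # constructed
```

On a real machine the input would be the raw `db` variable contents, for instance the bytes returned by the `Get-SecureBootUEFI` cmdlet saved to a file; `missing(SAMPLE_DB)` on the constructed sample reports that the Option ROM certificate is absent.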

Microsoft’s Correction and What to Do

Microsoft has since corrected the flawed instructions in its official guidance document, “Secure Boot Certificate updates: Guidance for IT professionals and organizations”. The company also issued a change notification in the Microsoft 365 Admin Center, “MC1185931: Secure Boot playbook for certificates expiring in 2026,” to alert administrators.

For IT professionals and concerned users, the primary course of action is to refer to the latest, corrected documentation from Microsoft before attempting any manual updates. The most reliable method for most users to receive these new certificates is by allowing Microsoft to manage and apply Windows updates automatically. If you manage multiple tenants or are a delegated administrator, ensure you are registered to receive notifications from the Microsoft 365 Message Center to stay informed of such critical changes.