secure boot
Microsoft rolls out new Secure Boot certificates before June expiration
Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. Introduced in 2011, Secure Boot ensures that only trusted bootloaders can load on computers with UEFI firmware, helping block malicious software, such as rootkits, from executing during system startup by verifying […]
New Windows updates replace expiring Secure Boot certificates
Microsoft has started automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems. Secure Boot is a security feature that blocks malicious software (like rootkit malware) from executing during the system startup sequence by ensuring that only trusted bootloaders can load on computers with UEFI firmware. This is done by checking the software’s digital signature […]
Microsoft fixes Surface Hub boot issues with emergency update
Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10. As the company explained when it acknowledged this issue last week, users see Secure Boot Violation errors on affected devices, prompting them to check the Secure Boot Policy in setup. These boot problems only […]
Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices
Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. These boot problems only impact Surface Hub v1 systems running Windows 10, version 22H2, after installing the KB5060533 June 2025 Windows security update. Microsoft says that “Surface Hub v1 devices might fail to start with the following […]
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft’s “UEFI CA 2011” certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov […]
Microsoft fixes Linux boot issues on dual-boot Windows systems
Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. The list of affected systems includes those running client (Windows 10 and Windows 11) and server (Windows Server 2012 and later) OS versions. This issue is triggered by a Secure Boot Advanced Targeting (SBAT) […]
New Microsoft script updates Windows media with bootkit malware fixes
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new “Windows UEFI CA 2023” certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. BlackLotus is a UEFI bootkit that can bypass Secure Boot and gain control over the operating system’s boot process. Once […]
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. The vulnerable UEFI application is present in multiple real-time system recovery tools from several third-party software developers. Bootkits represent a critical security threat that is difficult to detect because […]
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by test Secure Boot master key (Platform Key “PK”), which computer […]
Microsoft shares temp fix for Linux boot issues on dual-boot systems
Microsoft has provided a workaround to temporarily fix a known issue that is blocking Linux from booting on dual-boot systems with Secure Boot enabled. The company says this temporary fix can help Linux users revive unbootable systems displaying “Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” errors after installing the August 2024 […]