Microsoft is also updating the Windows Security app with a status indicator that will let users know whether their Windows 10 and 11 installations have the latest Secure Boot certificates.
Secure Boot certificates protect your PC’s startup process, but the original ones from 2011 are set to expire in June, so Microsoft plans to roll out a Secure Boot status dashboard in Windows to help users check if they’re still protected.
Starting this month, the new status page will appear in the Windows Security app, where the company is adding a Secure Boot status indicator under Device security> Secure Boot.
“The Windows Security app now shows whether your device has received these updates, what your current status is, and whether any action is needed,” Microsoft says on a new support page.
The status indicator will show one of three badges. A green one indicates your PC has been updated. Yellow means Microsoft has a safety recommendation, which might point you to installing a firmware update to receive the new certificates.
Meanwhile, a red badge indicates that your PC can’t receive the new Secure Boot software certificates. “This state appears only after a security vulnerability that affects the boot process is discovered and cannot be serviced on devices that have not yet received the updated certificates. This could occur as early as June 2026. when some of the current Secure Boot certificates begin to expire,” the company says.
Microsoft will also show a detailed status message advising users on what they can do to fix the issue, which might include updating your Windows OS, or contacting your device manufacturer.
Secure Boot helps ensure your PC runs only trusted software during the boot-up process, preventing malware that can persist even after OS reinstalls. The problem is that a large number of PCs still remain on Windows 10. which officially lost support in October, meaning the OS will no longer receive software patches. In February, Microsoft warned that these Windows 10 PCs won’t receive the new Secure Boot certificates either.
The only exception is for PCs enrolled in the Windows 10 Extended Security Updates program, which US users can sign up for using two free options. Microsoft told us the new Secure Boot status indicator is arriving only for Windows 10 ESU PCs. So if your PC remains on the unsupported version of Windows 10. then you should presume your certificates will expire starting in June.
PCs on Windows 11 and Windows 10 ESU should receive the new software certificates “automatically” through the regular monthly Windows updates. However, a small portion of PCs might need a separate firmware update from their PC or motherboard manufacturer before they can load the new certificates—hence, the yellow and red badges.
If you don’t receive the fresh certificates, your PC will still operate. But Microsoft warns: “The device will enter a degraded security state that limits its ability to receive future boot-level protections,” exposing it to potential “boot‑level vulnerabilities” that hackers could try to exploit. It’s a security trade-off to run Windows 10. since some older PCs don’t meet the system requirements to update to Windows 11.
Microsoft’s support page notes that if your status page shows a red badge, users can pick the option for “I accept the risks, don’t remind me.”
Notifications about the Secure Boot issue will also extend beyond the Windows Security app. The support page adds: “Beginning in May 2026. additional improvements will become available, including notifications outside the app (such as system alerts) and additional in‑app guidance and controls to help you respond to Secure Boot warnings.”
