Microsoft Secure Boot certificates expire in 2026 — what now?
The digital certificates that underpin Secure Boot on Windows and Linux servers and computers are due to expire between June and October 2026. Created by Microsoft in 2011, these certificates form the basis of critical protection against malware that installs itself beneath the operating system, invisible to antivirus software and resistant even to system reinstallation.
Nothing stops working straight away, but there are real risks in the long term
The devices continue to operate normally after the certificates expire. The problem arises over time: without the new certificates, the machines become progressively more vulnerable to serious attacks, may become incompatible with future system updates and, in cases where the disk is encrypted (such as with BitLocker), a poorly executed update could block access to data.
The new certificates are available, but they are rarely installed automatically. Each machine must be dealt with individually, taking the necessary precautions. And virtual machines are the most overlooked: in these cases, the fix always requires specific intervention.
What needs to be done and how Eurotux can help
The process consists of three steps: an audit of the IT infrastructure, updating with appropriate safeguards (backups and maintenance windows), and confirming the status of each machine.
Eurotux has already carried out this process on its own infrastructure and has tools and procedures in place for any environment. We check the status of your IT infrastructure without disrupting operations, handle the entire update process with the necessary safeguards, and provide a final report on a machine-by-machine basis.
If you prefer to handle the matter internally, we’ll share the procedures and answer any questions you may have.



