Microsoft will launch the second phase of the Secure Boot certificate update in May 2026. Windows 10 users will receive it on the 13th, and Windows 11 users on the 16th. The Windows Security app will display yellow and red warnings about the status of the certificates, which have not been updated since 2011. Their expiration in June will weaken system protection if the patch is not applied.
How security alerts work in the second phase 🔒
After the update, system notifications will appear in Device Security → Secure Boot. Yellow indicates that user action is required to update the certificates; red warns that automatic update is no longer possible. In the first phase, in April 2026, green and yellow icons were added, and users could revert yellow to green with a dismiss button. In the red state, users are offered the option to accept the risks and receive no further reminders. Secure Boot ensures the system boots only with verified code.
Microsoft will alert you with colors so you don't ignore the notice 🚦
Microsoft has decided that security alerts need a color code worthy of a traffic light at rush hour. Yellow to make you worry, red to make you panic. And if you decide to ignore it, they offer an accept risks button so Microsoft can wash its hands of responsibility. At least they've had the courtesy to warn us 15 years late, which is saying something.