"Get ye to Windows Update, because there's a good chance you've got new Secure Boot certificates to install. Microsoft just announced that it will be refreshing those certificates, which were originally introduced when Secure Boot debuted in 2011, as a security precaution. Secure Boot was a way for Microsoft to protect systems from running unsigned and potentially malicious code before Windows launched."
"Without the new Secure Boot certificates, Microsoft says your system will still function normally, but it will enter "a degraded security state that limits its ability to receive future boot-level protections." Basically, you won't be protected from malware and viruses targeting vulnerabilities in older versions of Windows. As expected, Microsoft also notes that unsupported versions of Windows won't be receiving the new Secure Boot certificates. They're only coming to Windows 11 systems, as well as Windows 10 PCs subscribed to Microsoft's Extended Security Updates."
Microsoft is refreshing Secure Boot certificates originally introduced in 2011 to strengthen boot-level protections. Secure Boot prevents systems from running unsigned or potentially malicious code prior to Windows startup and became a requirement for Windows 11 and certain anti-cheat software. Systems that do not receive the updated certificates will continue to operate but will enter a degraded security state that limits future boot-level protections and increases exposure to malware exploiting older Windows vulnerabilities. The updated certificates apply only to Windows 11 and Windows 10 devices on Extended Security Updates. Many users will receive the updates via Windows Update, while some systems may require firmware updates from OEMs. Certificate status will be trackable in the Windows Security app in the coming months, and retiring old certificates is presented as standard practice to prevent aging credentials from becoming weak points.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]