Microsoft Warns Of Secure Boot Certificate Expiry Impacting PCs This Year
Fortunately, PCs without the update should still function for the foreseeable future, but Microsoft does warn that "As new boot-level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware or Secure Boot-dependent software may fail to load." So besides the obvious compromise to security, systems that don't get updated with the new Secure Boot certification won't stop working, but will become less functional over time, particularly when newer software or hardware relies on Secure Boot.
In any case, it's good to see Microsoft taking a user-first approach and making this update as painless as possible for its users. We imagine most prebuilt desktops and laptops will be shipped the update without issue, and only DIYers or IT pros needing to worry about manual installation. There is a chance that Microsoft's umbrella won't be as wide as expected, but Microsoft's language in the original blog post suggests most PCs should receive the Secure Boot certificates over Windows Update without issue. It's much gentler than how Microsoft has been treating legacy printers, scanners, fax machines, and modems.
For users who can't get the update through either Windows update or OEM support, Microsoft advises contacting it through the correct support channels. Windows Personal and Family accounts can use the typical support phone numbers (855-270-0615 in the US is one of those) and online channels, while Enterprise customers can get more direct Microsoft support. We imagine enterprise customers with highly-specialized hardware configurations to be the most likely to take it this far—for most of you, it should just be another quiet Windows update.
