June 24 Deadline Looms as Microsoft Secure Boot Certificates Set to Expire, Affecting Windows and Linux Systems

Windows and Linux users face a critical security deadline on June 24, when three Microsoft-signed certificates used for Secure Boot will expire, potentially leaving systems vulnerable to boot-level attacks that bypass traditional anti-malware protections, according to Wired. These certificates cryptographically verify firmware and software during system boot to prevent UEFI-based malware infections. "The expiration could leave systems vulnerable to boot-level attacks that bypass traditional anti-malware protections." Users need to update their cryptographic keys before the deadline to maintain security against firmware-based threats, Wired reported. The expiration affects both Windows and Linux systems that rely on Secure Boot to ensure only trusted software runs during the startup process. Separately, Hacker News reported that Linux users with Secure Boot enabled face an additional disruption, as a Microsoft signing key used for booting is set to expire in September. Microsoft will stop using this key to sign the shim UEFI bootloader that Linux distributions depend on. A replacement key has been available since 2023 but may not be installed on many systems, potentially causing boot issues after the expiration date. "A replacement key has been available since 2023 but may not be installed on many systems, potentially causing boot issues for Linux users after the expiration date." While the June 24 deadline is the most immediate concern for all Secure Boot users, the September expiration adds a layer of complexity for Linux users who must ensure their systems have the updated key to avoid boot failures. Both outlets emphasized the importance of proactive updates to maintain system integrity against firmware-based threats.

2 sources•22 JunRead the Baker's Take→