• Microsoft intends to kill your computer, no Secure Boot updates for you.

    From anon@noreply@mixmin.net to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 03:30:10 2026
    From Newsgroup: alt.privacy.anon-server

    Imagine following all the Micro$oft rule$, setting up your computer,
    creating a Micro$oft account and configuraing your computer to be "safe"
    with UEFI and "Secure Boot".

    Except the certificate expires in June 2026 and it won't boot after that.

    If your computer has no entitlement, it cannot get the updated certificate
    and you are shit out of luck.

    Anything 2023 forward supposedly is okay and will get updates. Before
    that? Tough.

    What if it doesn't? All your boots are belong to us data recovery
    companies.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Lynn McGuire@lynnmcguire5@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Mon May 18 23:20:43 2026
    From Newsgroup: alt.privacy.anon-server

    On 5/18/2026 9:30 PM, anon wrote:
    Imagine following all the Micro$oft rule$, setting up your computer,
    creating a Micro$oft account and configuraing your computer to be "safe"
    with UEFI and "Secure Boot".

    Except the certificate expires in June 2026 and it won't boot after that.

    If your computer has no entitlement, it cannot get the updated certificate and you are shit out of luck.

    Anything 2023 forward supposedly is okay and will get updates. Before
    that? Tough.

    What if it doesn't? All your boots are belong to us data recovery
    companies.

    If this is true then there will be lawsuits. Many lawsuits.

    Lynn

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 13:48:30 2026
    From Newsgroup: alt.privacy.anon-server

    I don't use Secured Boot...

    Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog <https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856>
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From ....winston@winstonmvp@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 02:08:31 2026
    From Newsgroup: alt.privacy.anon-server

    On 05/19/2026 12:20 AM, Lynn McGuire wrote:
    On 5/18/2026 9:30 PM, anon wrote:
    Imagine following all the Micro$oft rule$, setting up your computer,
    creating a Micro$oft account and configuraing your computer to be "safe"
    with UEFI and "Secure Boot".

    Except the certificate expires in June 2026 and it won't boot after that.

    If your computer has no entitlement, it cannot get the updated
    certificate
    and you are shit out of luck.

    Anything 2023 forward supposedly is okay and will get updates.-a Before
    that?-a Tough.

    What if it doesn't?-a All your boots are belong to us data recovery
    companies.

    If this is true then there will be lawsuits.-a-a Many lawsuits.

    Lynn


    Most misunderstand the impact of not updating or not having the option
    to update with the 2023 certs(to replace the expiring 2011 certs)


    Unless prepared, physical devices and VMs will:

    Lose the ability to install Secure Boot security updates after June 2026.
    Not trust third-party software signed with new certificates after June 2026. Not receive security fixes for Windows Boot Manager by October 2026.
    </qp>

    It's important to understand where the term 'boot' actually applies.
    --
    ...w-i|#-o-#-n|#
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Philip Herlihy@nothing@invalid.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 11:44:14 2026
    From Newsgroup: alt.privacy.anon-server

    In article <20260519.033010.5beadf0b@mixmin.net>, noreply@mixmin.net
    says...

    Imagine following all the Micro$oft rule$, setting up your computer, >creating a Micro$oft account and configuraing your computer to be "safe" >with UEFI and "Secure Boot".

    Except the certificate expires in June 2026 and it won't boot after that.

    If your computer has no entitlement, it cannot get the updated certificate >and you are shit out of luck.

    Anything 2023 forward supposedly is okay and will get updates. Before
    that? Tough.

    What if it doesn't? All your boots are belong to us data recovery
    companies.

    I asked CoPilot the following question:


    **Prompt
    I understand that Windows 10 computers will need their secure boot certificates updated soon. I've checked all the computers I have
    running Windows 10 (all enrolled in Extended Security Updates) and all
    are already updated. But if a friend has a Windows 10 computer which is
    not enrolled in ESU, and they do nothing, will their computer suddenly
    cease to boot? And if so, what can they do about it?

    **Response**

    Short answer: No ? your friend?s PC will not suddenly stop booting. But
    it will gradually become less secure and may eventually run into edge-
    case issues.

    Here?s the full picture.

    What actually happens in June 2026:

    Microsoft?s original Secure Boot certificates (from 2011) start expiring
    in June 2026. These are used very early in the boot process to verify
    trusted code.

    If a machine does not receive the new 2023 certificates, then:

    * It will still boot normally
    * Windows will still run
    * It will lose the ability to receive future Secure Boot / boot-chain
    security protections
    * Its security will gradually degrade over time

    Microsoft explicitly states that systems without the update will
    continue to start and operate normally, but will not receive new
    protections for the early boot process.

    Multiple sources confirm this is not a ?PC stops working? situation ?
    the system keeps running, but becomes less secure.

    What?s different for Windows 10 without ESU:

    * Windows 10 support ended in October 2025
    * Only systems enrolled in Extended Security Updates (ESU) continue
    receiving updates
    * The new Secure Boot certificates are delivered via Windows Update

    Therefore:
    A Windows 10 PC without ESU will not receive the updated certificates automatically.

    Such systems will:

    * Keep using the old (expiring) certificates
    * Miss future Secure Boot improvements permanently

    Does anything actually break?

    For most users, nothing obvious happens immediately.

    However, over time:

    1. Security becomes weaker
    The system cannot receive updates to bootloader trust or protections against new low-level threats.

    2. Some features or scenarios may be affected
    For example:
    * BitLocker behaviour or protections
    * Some third-party boot tools or components
    * Future fixes to boot-level vulnerabilities

    3. Rare edge-case issues can occur
    In unusual cases (e.g. firmware or update problems), there could be:
    * Boot validation warnings
    * Recovery prompts
    * Startup issues

    These are not expected for most users, but are possible.

    So will the PC suddenly stop booting?

    No.

    There is no hard cutoff or ?deadline? where systems suddenly fail. This
    is not like Y2K.

    A better way to think of it:
    The PC continues working, but is effectively frozen at its current level
    of boot security.

    What can your friend do?

    If they are running Windows 10 without ESU, the realistic options are:

    1. Upgrade to Windows 11 (best option, if hardware supports it)
    This ensures continued updates and automatic certificate updates.

    2. Enrol in ESU (if still available)
    This is the only supported way to stay on Windows 10 and receive the
    new certificates.

    3. Replace the device
    This may be necessary for older, unsupported hardware.

    4. Try manual or advanced fixes
    * Install firmware (BIOS/UEFI) updates from the manufacturer
    * Attempt manual Secure Boot certificate updates
    These are more complex and not guaranteed.

    5. Do nothing
    The PC will keep working, but with increasing security risk over
    time.

    Bottom line:

    * The PC will not suddenly fail to boot
    * Unsupported Windows 10 systems will gradually fall behind
    * The real issue is long-term security, not immediate usability

    ***
    --
    --
    Phil, London
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From s|b@me@privacy.invalid to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 14:40:56 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 11:44:14 +0100, Philip Herlihy wrote:

    I asked CoPilot

    <sigh>
    --
    s|b
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From s|b@me@privacy.invalid to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 15:02:15 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 13:48:30 +0800, Mr. Man-wai Chang wrote:

    I don't use Secured Boot...

    Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog <https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856>

    "act now" and do what exactly?
    --
    s|b
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From JJ@jj4public@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 20:37:24 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 13:48:30 +0800, Mr. Man-wai Chang wrote:
    I don't use Secured Boot...

    Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog <https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856>

    Is it possible to disable Secure Boot and still keep Secure Boot installed Windows bootable?
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From ....winston@winstonmvp@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 10:31:05 2026
    From Newsgroup: alt.privacy.anon-server

    On 05/19/2026 8:40 AM, s|b wrote:
    On Tue, 19 May 2026 11:44:14 +0100, Philip Herlihy wrote:

    I asked CoPilot

    <sigh>


    Philip's reply included all the relevant information.
    AI/Copilot as the source/content is not the issue - it was accurate.

    His closing comments(Bottom line) still apply and are consistent with
    MSFT response.

    MSFT:


    Unless prepared, physical devices and VMs will:

    Lose the ability to install Secure Boot security updates after June 2026.
    Not trust third-party software signed with new certificates after June 2026. Not receive security fixes for Windows Boot Manager by October 2026.
    </qp>

    Philip's:

    Bottom line:

    * The PC will not suddenly fail to boot
    * Unsupported Windows 10 systems will gradually fall behind
    * The real issue is long-term security, not immediate usability
    </qp>
    --
    ...w-i|#-o-#-n|#
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 22:47:45 2026
    From Newsgroup: alt.privacy.anon-server

    On 5/19/2026 9:37 PM, JJ wrote:

    Is it possible to disable Secure Boot and still keep Secure Boot installed Windows bootable?

    I don't use it. I wish it has an "emergence boot" option like mobile
    phones. BUT... that will defeat the purpose of SECURED boot! :)
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 22:48:36 2026
    From Newsgroup: alt.privacy.anon-server

    On 5/19/2026 9:02 PM, s|b wrote:

    "act now" and do what exactly?



    For website, you just need to renew the certificate, which is stamped
    with a new expiration date. :)
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From s|b@me@privacy.invalid to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 16:53:23 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 22:48:36 +0800, Mr. Man-wai Chang wrote:

    "act now" and do what exactly?

    For website, you just need to renew the certificate, which is stamped
    with a new expiration date. :)

    According to Le Chat (AI) Windows Updates will take care of it, but I
    don't know if it's hallucinating or telling the truth.
    --
    s|b
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From s|b@me@privacy.invalid to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 16:55:02 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 10:31:05 -0400, ....winston wrote:

    Philip's reply included all the relevant information.
    AI/Copilot as the source/content is not the issue - it was accurate.

    Well, I'm not going through a whole AI produced word salad. KISS and all that...
    --
    s|b
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From ....winston@winstonmvp@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 11:00:49 2026
    From Newsgroup: alt.privacy.anon-server

    On 05/19/2026 9:37 AM, JJ wrote:
    On Tue, 19 May 2026 13:48:30 +0800, Mr. Man-wai Chang wrote:
    I don't use Secured Boot...

    Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog >> <https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856>

    Is it possible to disable Secure Boot and still keep Secure Boot installed Windows bootable?

    Yes. Disabling secure boot only impacts the verification of the
    bootloader security cert. It does not impact Windows booting.
    The UEFI/BIOS(the system partition)loads the bootloader files, then
    passes control to Windows(the boot partition) to to ***Boot*** the device.

    Note: The experience can be different when using a Surface. The initial
    screen may be 'red'(indicating Secure Boot is off, i.e. a warning) and
    require a selection to continue and pass control to Windows to finish
    the boot process.
    --
    ...w-i|#-o-#-n|#
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From ....winston@winstonmvp@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 11:04:22 2026
    From Newsgroup: alt.privacy.anon-server

    On 05/19/2026 10:53 AM, s|b wrote:
    On Tue, 19 May 2026 22:48:36 +0800, Mr. Man-wai Chang wrote:

    "act now" and do what exactly?

    For website, you just need to renew the certificate, which is stamped
    with a new expiration date. :)

    According to Le Chat (AI) Windows Updates will take care of it, but I
    don't know if it's hallucinating or telling the truth.


    Secure Boot Troubleshooting Guide <https://support.microsoft.com/en-us/topic/secure-boot-troubleshooting-guide-5d1bf6b4-7972-455a-a421-0184f1e1ed7d#bkmk_secure_boot_update_scheduled_task>

    Secure Boot Certs
    ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)
    -match 'Windows UEFI CA 2023')
    - If this command returns rCLtrue,rCY then your PC is using the new certificate
    ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI
    dbdefault).bytes) -match 'Windows UEFI CA 2023')
    - If this command returns rCLtrue,rCY your system is running an updated
    BIOS with the new Secure Boot certificates built in.
    Older PCs and systems without a BIOS update installed will return rCLfalserCY here.

    Instead of Windows Update:
    Manual(Force Update)
    Set-ItemProperty -Path
    rCLHKLM:\SYSTEM\CurrentControlSet\Control\SecureBootrCY -Name rCLAvailableUpdatesrCY -Value 0x40

    Start-ScheduledTask -TaskName rCL\Microsoft\Windows\PI\Secure-Boot-UpdaterCY

    After you run the commands, you have to restart your PC twice for the
    update to take effect.
    --
    ...w-i|#-o-#-n|#
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From J. P. Gilliver@G6JPG@255soft.uk to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 18:48:09 2026
    From Newsgroup: alt.privacy.anon-server

    On 2026/5/19 15:55:2, s|b wrote:
    On Tue, 19 May 2026 10:31:05 -0400, ....winston wrote:

    Philip's reply included all the relevant information.
    AI/Copilot as the source/content is not the issue - it was accurate.

    Well, I'm not going through a whole AI produced word salad. KISS and all that...

    winston was not the only one who found what was said (a) useful (b) easy
    to read. If you are determined to find otherwise, that's not our problem.

    (No-one's saying believe everything AI says.)
    --
    J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

    Quantum particles: the dreams that stuff is made of - David Moser
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Stan Brown@someone@example.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 17:46:47 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 11:44:14 +0100, Philip Herlihy wrote:
    I asked CoPilot the following question:


    **Prompt
    I understand that Windows 10 computers will need their secure boot certificates updated soon. I've checked all the computers I have
    running Windows 10 (all enrolled in Extended Security Updates) and all
    are already updated. But if a friend has a Windows 10 computer which is
    not enrolled in ESU, and they do nothing, will their computer suddenly
    cease to boot? And if so, what can they do about it?

    **Response**
    [snip]

    Bottom line:

    * The PC will not suddenly fail to boot
    * Unsupported Windows 10 systems will gradually fall behind
    * The real issue is long-term security, not immediate usability

    We know there's about a 10% chance that any given answer is wrong.
    What we don't know, and can't know, is whether any given response,
    including this one, is one of the 90% correct or the 10%
    hallucinations (which, after all, sounds better than "lies").
    --
    "The power of accurate observation is frequently called cynicism by
    those who don't have it." --George Bernard Shaw
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Lynn McGuire@lynnmcguire5@gmail.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Tue May 19 23:06:30 2026
    From Newsgroup: alt.privacy.anon-server

    On 5/19/2026 1:08 AM, ....winston wrote:
    On 05/19/2026 12:20 AM, Lynn McGuire wrote:
    On 5/18/2026 9:30 PM, anon wrote:
    Imagine following all the Micro$oft rule$, setting up your computer,
    creating a Micro$oft account and configuraing your computer to be "safe" >>> with UEFI and "Secure Boot".

    Except the certificate expires in June 2026 and it won't boot after
    that.

    If your computer has no entitlement, it cannot get the updated
    certificate
    and you are shit out of luck.

    Anything 2023 forward supposedly is okay and will get updates.-a Before
    that?-a Tough.

    What if it doesn't?-a All your boots are belong to us data recovery
    companies.

    If this is true then there will be lawsuits.-a-a Many lawsuits.

    Lynn


    Most misunderstand the impact of not updating or not having the option
    to update with the 2023 certs(to replace the expiring 2011 certs)


    Unless prepared, physical devices and VMs will:

    Lose the ability to install Secure Boot security updates after June 2026.
    Not trust third-party software signed with new certificates after June
    2026.
    Not receive security fixes for Windows Boot Manager by October 2026.
    </qp>

    It's important to understand where the term 'boot' actually applies.

    Thanks !

    Lynn
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From s|b@me@privacy.invalid to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Wed May 20 15:34:59 2026
    From Newsgroup: alt.privacy.anon-server

    On Tue, 19 May 2026 18:48:09 +0100, J. P. Gilliver wrote:

    winston was not the only one who found what was said (a) useful (b) easy
    to read. If you are determined to find otherwise, that's not our problem.

    We don't really care about that.
    --
    s|b
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Philip Herlihy@nothing@invalid.com to alt.privacy.anon-server,alt.comp.os.windows-11,alt.comp.os.windows-10 on Thu May 21 11:22:49 2026
    From Newsgroup: alt.privacy.anon-server

    In article <n7342aFf2nqU1@mid.individual.net>, me@privacy.invalid
    says...

    On Tue, 19 May 2026 11:44:14 +0100, Philip Herlihy wrote:

    I asked CoPilot

    <sigh>

    I'm sure if you can point out what part of that account was wrong you'll
    be doing us all a great service.
    --
    --
    Phil, London
    --- Synchronet 3.22a-Linux NewsLink 1.2