This month’s Patch Tuesday is not your average update, and if you’ve been putting off Windows Update, now is genuinely not the time to do that.
Microsoft has patched eight critical vulnerabilities, including an actively exploited zero-day that attackers are already using in the wild. That alone should push you to update today. Windows 11 users have it straightforward. But if you’re still on Windows 10, and hundreds of millions of people are, you’ll need to be enrolled in Microsoft’s Extended Security Updates (ESU) program to receive this patch at all.
If you’re already optimizing your system for better performance or security, it’s also worth checking how to debloat Windows 11 to remove unnecessary background apps that can quietly affect system stability and updates over time.
The Secure Boot Clock Has Been Ticking Since 2011
Here’s something most people don’t realize: the Secure Boot certificates protecting your PC right now are based on a standard from 2011. Microsoft has never expired them before. In 15 years, not once. That changes in June 2026.
Unless your machine is less than two years old, there’s a real chance you’re still relying on those aging certificates. They expire in June, and before that deadline hits, you need to have the updated 2023 Secure Boot certificates installed to keep your device protected.
This month’s Windows Update is where that transition begins in a visible, user-facing way. Microsoft has confirmed: “Updated 2023 certificates are being delivered automatically through Windows Update,” and that the Windows Security app now shows whether your device has received them, what the current status is, and whether you need to take any action.
How to Actually Check Your Secure Boot Status
- Open the Windows Security app on your PC.
- Click on Device security > Select Secure Boot.
- Look for the color-coded badge next to the Secure Boot icon:
- Green → Everything is properly configured
- Yellow → Attention needed
- Red → Secure Boot is not properly set up
- Read the status message below the badge for a clear explanation of your current security state.
But here’s where it gets important: a green badge alone is not enough. Microsoft is clear about this. You need to see the specific text that reads, “Secure Boot is on and all required certificate updates have been applied. No further certificate changes are needed.” Anything short of that means you’re not fully covered yet.
If you’re not familiar with navigating system-level settings like this, exploring Windows accessibility features can also help you better understand and control key areas of your system, including security and device management tools.
May Brings Louder Warnings for Anyone Still Behind
If you miss this month’s update or don’t act on the certificate status, Microsoft isn’t going to let you forget it. Starting in May 2026, the Windows Update process will begin surfacing notifications outside the Security app, including system-level alerts, along with in-app guidance and controls designed to help users respond before the June deadline arrives.
In plain terms, Microsoft is giving you a runway, but the runway ends. Get the April update installed, check your Secure Boot status, and if you’re on Windows 10 without ESU enrollment, do that first.
No more excuses will fly after June.
Yes, if your device is eligible, the updated 2023 certificates are delivered automatically through Windows Update. Open the Windows Security app under Device security > Secure Boot to confirm they’ve been applied.
Your PC won’t immediately stop working, but you’ll lose a critical layer of protection against firmware-level attacks. Microsoft will continue escalating warnings through May, so treat those alerts as a hard deadline, not a suggestion.
