threat-modeling.com
Microsoft Secure Boot Certificate Expiry: Global Operational Risk for UEFI-Enabled Systems
The expiration of the Microsoft KEK CA 2011 and UEFI CA 2011 certificates in June 2026 presents a significant operational risk to the global x86-64 ecosystem. These certificates are hardcoded in the UEFI firmware's NVRAM, specifically in the Key Exchange Key (KEK) and 'db' (Signature Database) variable stores. As a result, any subsequent bootloader update that relies on the 2023 Certificate Authority (CA), applied without the corresponding OEM firmware update, will result in a "Secure Boot Violation." This creates a widespread Denial of Service (DoS) condition, rendering billions of PCs, servers, and cloud-hosted virtualized instances unbootable during the post-expiration transition period.
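To check which CA generation a machine's KEK or db store actually holds, the following added example (not code from the article or from Microsoft) walks the EFI_SIGNATURE_LIST layout of the variable data and reports whether a 2011 or 2023 Microsoft CA is enrolled. The subject names, the efivarfs path and the substring match in place of full X.509 parsing are assumptions of this example, and the sample data is constructed.

```python
import struct, uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
# Subject names as Microsoft publishes them (assumption: not spelled out on this page).
KNOWN_CAS = {
    b"Microsoft Corporation KEK CA 2011": "2011",
    b"Microsoft Corporation UEFI CA 2011": "2011",
    b"Microsoft Windows Production PCA 2011": "2011",
    b"Microsoft Corporation KEK 2K CA 2023": "2023",
    b"Windows UEFI CA 2023": "2023",
    b"Microsoft UEFI CA 2023": "2023",
}

def x509_entries(blob):
    """Yield the certificate bytes of each X.509 entry in concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(blob):  # 16-byte type GUID + three little-endian uint32 sizes
        sig_type = blob[off:off + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(blob):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while sig_type == EFI_CERT_X509_GUID and pos + sig_size <= end:
            yield blob[pos + 16:pos + sig_size]  # skip the SignatureOwner GUID
            pos += sig_size
        off = end

def ca_generations(blob):
    """Return the Microsoft CA generations ("2011", "2023") enrolled in this variable."""
    return {gen for der in x509_entries(blob) for cn, gen in KNOWN_CAS.items() if cn in der}

def has_2023_ca(blob):
    return "2023" in ca_generations(blob)

def make_sig_list(sig_type, payload):
    """Build a one-entry EFI_SIGNATURE_LIST (used only for the constructed samples)."""
    body = bytes(16) + payload  # zero SignatureOwner GUID
    return sig_type + struct.pack("<III", 28 + len(body), 0, len(body)) + body

if __name__ == "__main__":
    # Constructed stand-ins for certificates, not real DER. On Linux the live data is
    # /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f minus its
    # first 4 bytes (the variable attributes); KEK is read the same way.
    old = make_sig_list(EFI_CERT_X509_GUID, b"0\x82..CN=Microsoft Corporation UEFI CA 2011")
    new = make_sig_list(EFI_CERT_X509_GUID, b"0\x82..CN=Windows UEFI CA 2023")
    for name, blob in (("2011 only", old), ("2011 + 2023", old + new)):
        print(name, sorted(ca_generations(blob)), "has 2023 CA:", has_2023_ca(blob))
```

A store that reports only "2011" is the case the paragraph above describes: it has no trust anchor for bootloaders that rely on the 2023 CA.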