GCP-2026-029 — Published: 2026-05-07Description Description Severity Notes Microsoft is updating the Secure Boot certificates originally issued in 2011 to…

Published: 2026-05-07Description Description Severity Notes Microsoft is updating the Secure Boot certificates originally issued in 2011 to ensure Windows devices continue to verify trusted boot software. These older certificates begin expiring in June 2026. Devices that haven't received the newer 2023 certificates will continue to start and operate normally, and standard Windows updates will continue to install. However, these devices will no longer be able to receive new security protections for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, or mitigations for newly discovered boot-level vulnerabilities. Also, Secure Boot certificate expirations starting in June 2026 affect Linux systems that use Secure Boot. What should I do? Google recommends that customers update their Windows VMs by taking appropriate actions as recommended by Microsoft. Distributions like Ubuntu, Red Hat, and Fedora are already working to provide updated packages signed with the new 2023 key. Refer also to the Broadcom documentation to resolve errors and warnings in VMware virtual machines as Secure Boot certificates approach expiration. After June 2026, systems lacking the 2023 certificate updates may experience failures during new operating system installations or while updating the existing bootloader firmware. Informational Broadcom KB 423893