Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire

Posted on By CWS

Microsoft has addressed a essential safety characteristic bypass vulnerability in Home windows Safe Boot certificates, tracked as CVE-2026-21265, by way of its January 2026 Patch Tuesday updates.

The flaw stems from expiring 2011-era certificates that underpin Safe Boot’s belief chain, probably permitting attackers to disrupt boot integrity if unpatched.

Rated Vital with a CVSS v3.1 base rating of 6.4, the difficulty requires native entry, excessive privileges, and excessive assault complexity, making exploitation much less probably.msrc.microsoft+4​

CVE-2026-21265 arises as a result of Microsoft certificates saved in UEFI KEK and DB are nearing expiration dates in mid-2026, risking Safe Boot failure with out updates.

Firmware defects within the OS’s certificates replace mechanism can disrupt the belief chain, compromising Home windows Boot Supervisor and third-party loaders. Publicly disclosed however not but exploited within the wild, Microsoft urges instant deployment of 2023 substitute certificates.

Three key 2011 certificates have to be renewed to maintain Safe Boot:

Certificates AuthorityLocationPurposeExpiration DateMicrosoft Company KEK CA 2011KEKSigns updates to DB and DBX06/24/2026​Microsoft Company UEFI CA 2011DBSigns third occasion boot loaders, Choice ROMs06/27/2026​Microsoft Home windows Manufacturing PCA 2011DBSigns the Home windows Boot Manager10/19/2026​

Failure to replace exposes gadgets to boot-time assaults, as famous in Microsoft’s November 2025 advisory.

Affected Methods and Patches

Patches goal legacy Home windows Server and extended-support editions, all marked as buyer motion required.​

ProductKB ArticleBuild NumberUpdate TypeWindows Server 2012 R2 (Core)5073696​6.3.9600.22968Monthly RollupWindows Server 2012 R25073696​6.3.9600.22968Monthly RollupWindows Server 2012 (Core)5073698​6.2.9200.25868Monthly RollupWindows Server 20125073698​6.2.9200.25868Monthly RollupWindows Server 2016 (Core)5073722​10.0.14393.8783Security UpdateWindows Server 20165073722​10.0.14393.8783Security UpdateWindows 10 Model 1607 x645073722​10.0.14393.8783Security UpdateWindows 10 Model 1607 x865073722​10.0.14393.8783Security Replace

Organizations with IT-managed or Microsoft-managed updates ought to prioritize deployment. Confirm firmware compatibility to keep away from post-patch boot points.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Poland Arrested Suspected Russian Citizen Hacking for Local Organizations Computer Networks Poland Arrested Suspected Russian Citizen Hacking for Local Organizations Computer Networks Cyber Security News
Beware of Fake Online Speedtest Application With Obfuscated JS Codes Beware of Fake Online Speedtest Application With Obfuscated JS Codes Cyber Security News
New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials Cyber Security News
New Vulnerability Affects All Intel Processors From The Last 6 Years New Vulnerability Affects All Intel Processors From The Last 6 Years Cyber Security News
Evolution of DDoS Attacks Mitigation Strategies for 2025 Evolution of DDoS Attacks Mitigation Strategies for 2025 Cyber Security News
Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code Notepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Code Cyber Security News