BrianKrebsJun 15

I've got a dusty old Windows 11 system running in a virtual machine, and when I booted it up the other day I was met not with MS's usual login prompt but instead w/ a BitLocker recovery blue screen.

Then I remembered the cause (when all else fails, check your own site doh!): As we warned in January 2026, Microsoft is expiring a bunch of older Windows Secure Boot certificates in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new certificates can no longer receive Secure Boot security fixes.

Fortunately in this case I was able to recover the Win11 system and update the certificates by pasting the supplied recovery key at aka.ms/myrecoverykey. But I suspect things can get far more complicated for organizations having to deal with this on a large number of machines.

https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/

Show threadMauricio Teixeira βš½πŸ‡ΊπŸ‡ΈπŸ‡§πŸ‡·πŸ†

@briankrebs
Which problem do you think is the concerning one: not having the keys, or having to type the keys?

The typing key problem was solved during the 2024 Crowdstrike fiasco.

https://www.theregister.com/software/2024/07/25/how-a-barcode-scanner-helped-fix-crowdstrike-mess-in-a-flash/1154172

How a barcode scanner helped fix CrowdStrike mess in a flash

This one weird trick saved countless hours and stress – no, really

theregister
Jun 15 at 4:30pmWeb