BrianKrebsJun 15

I've got a dusty old Windows 11 system running in a virtual machine, and when I booted it up the other day I was met not with MS's usual login prompt but instead w/ a BitLocker recovery blue screen.

Then I remembered the cause (when all else fails, check your own site doh!): As we warned in January 2026, Microsoft is expiring a bunch of older Windows Secure Boot certificates in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new certificates can no longer receive Secure Boot security fixes.

Fortunately in this case I was able to recover the Win11 system and update the certificates by pasting the supplied recovery key at aka.ms/myrecoverykey. But I suspect things can get far more complicated for organizations having to deal with this on a large number of machines.

https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/

Show threadRay McCarthyJun 15

@briankrebs
windows 5.x is old & dusty.
Win11 isn't.
This is a stupid design mistake.
Also people should not automatically assume they should have Bitlocker.

The information of most people is of no interest to most laptop thieves, vs difficulty of using the SSD / HDD with a different mobo/laptop if computer fails.
Some people really do need bitlocker or similar. But how secure is bitlocker from the State seizure of the laptop?
I have recovered files on a dead PC from an HDD that had bitlocker.

Show threadBrianKrebs
@raymaccarthy By "dusty" I just meant I created it a while back but hadn't really used it much at all.
Jun 15 at 9:34pmWeb
Show threadRay McCarthyJun 15
@briankrebs
I booted Win10 twice this year 😀 on real HW and once on VM.
I've nothing that needs it.
I've an LED badge with USB that needs Win7 and that works on the VM on Linux. I might change the message.