BrianKrebsJun 15

I've got a dusty old Windows 11 system running in a virtual machine, and when I booted it up the other day I was met not with MS's usual login prompt but instead w/ a BitLocker recovery blue screen.

Then I remembered the cause (when all else fails, check your own site doh!): As we warned in January 2026, Microsoft is expiring a bunch of older Windows Secure Boot certificates in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new certificates can no longer receive Secure Boot security fixes.

Fortunately in this case I was able to recover the Win11 system and update the certificates by pasting the supplied recovery key at aka.ms/myrecoverykey. But I suspect things can get far more complicated for organizations having to deal with this on a large number of machines.

https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/

Show threadjohn r red-horseJun 15

@briankrebs

I know you've gotten a bunch of responses already, but I'll throw out one more scenario: If I boot my dual-booting (win11/linux) system to win11 via Grub then try via the UEFI Bootloader, I am prompted for my Bitlocker recovery key just as you are here, and vice versa. I think the TPM has the capability to save the most recent successful boot method across re-starts.

You didn't happen to do something similar to using two different bootloaders, did you?

Show threadBrianKrebs
@jrredho I think I know what happened. I restored a previous snapshot and this happened after I rebooted.
Jun 15 at 9:35pmWeb