While some recent Windows updates have caused system instability or other issues, you're still better off keeping your system up to date, especially if it's affecting your computer's security for years to come.
Follow Tom's Hardware on Google News , or add us as a preferred source , to get our latest news, analysis, & reviews in your feeds.
Andrew E. Freedman is a senior editor at Tom's Hardware focusing on laptops, desktops and gaming. He also keeps up with the latest news. A lover of all things gaming and tech, his previous work has shown up in Tom's Guide, Laptop Mag, Kotaku, PCMag and Complex, among others. Follow him on Threads @FreedmanAE and BlueSky @andrewfreedman.net . You can send him tips on Signal: andrewfreedman.01 ","collapsible":{"enabled":true,"maxHeight":250,"readMoreText":"Read more","readLessText":"Read less"}}), "https://slice.vanilla.futurecdn.net/13-4-13/js/authorBio.js"); } else { console.error('%c FTE ','background: #9306F9; color: #ffffff','no lazy slice hydration function available'); } Andrew E. Freedman Social Links Navigation Andrew E. Freedman is a senior editor at Tom's Hardware focusing on laptops, desktops and gaming. He also keeps up with the latest news. A lover of all things gaming and tech, his previous work has shown up in Tom's Guide, Laptop Mag, Kotaku, PCMag and Complex, among others. Follow him on Threads @FreedmanAE and BlueSky @andrewfreedman.net . You can send him tips on Signal: andrewfreedman.01
LiarsICantUseAnyNameIWish Nobody should expect Microsoft to be renewing certificates for their own Surface products if they require a firmware update. Microsoft have "ended support" for most of their Surface products, and even the really expensive Surface Books too, meaning Surface products with hardware still supported by the manufacturers like Nvidia etc can never be updated to remain secure. There are so many vulnerabilities in older Surface models with OEM supported hardware because Microsoft refuse to let the manufacturers to apply updates on them. Never ever buy a Surface product, you'll quickly end up with computer that can't stop remote code executions or has glitchy drivers. You will not able to install updated drivers yourself for some hardware, like Nvidia or Intel etc, so don't expect new Secure Boot certificates neither. Reply
JRStern I have no idea what this means. Does it mean my Win10 system will no longer boot? Reply
ravewulf I intentionally turned Secure Boot off when I built this system. Also disabled the TPM and avoided BitLocker like the plague. Living dangerously and having no issues 😛 (well, unrelated issues but whatever) Reply
USAFRet JRStern said: I have no idea what this means. Does it mean my Win10 system will no longer boot? No, it will boot just fine. https://support.microsoft.com/en-us/topic/when-secure-boot-certificates-expire-on-windows-devices-c83b6afd-a2b6-43c6-938e-57046c80c1c2 Reply
bigdragon JRStern said: I have no idea what this means. Does it mean my Win10 system will no longer boot? No, your system will still boot normally. These changes to Secure Boot have 2 significant effects: If you have a newer device, then you probably only have the 2023 certificates now. The 2023 certificates will continue to be supported for at least the next decade. If you have an older device then you'll have both the expiring 2011 certs and the new 2023 certs. Your unsupported firmware and software will still work with the 2011 certs while supported firmware and software gets signed for use with the 2023 certs.The problem with keeping the 2011 certificates around is that they've accumulated a lot of revocation records during their lifespan. The expiration of these certificates also means the end of support is near. New revocation records may no longer be maintained which could open your boot process up to vulnerabilities (could as in maybe; not a guarantee). Reply
MadocOwain bigdragon said: No, your system will still boot normally. These changes to Secure Boot have 2 significant effects: If you have a newer device, then you probably only have the 2023 certificates now. The 2023 certificates will continue to be supported for at least the next decade. If you have an older device then you'll have both the expiring 2011 certs and the new 2023 certs. Your unsupported firmware and software will still work with the 2011 certs while supported firmware and software gets signed for use with the 2023 certs.The problem with keeping the 2011 certificates around is that they've accumulated a lot of revocation records during their lifespan. The expiration of these certificates also means the end of support is near. New revocation records may no longer be maintained which could open your boot process up to vulnerabilities (could as in maybe; not a guarantee). For gamers who play games that require Secure Boot for anti-cheat software, this could also mean they'd be unable to play. Reply
MoxNix "Plug security holes before they happen" Sounds like a protection racket Reply
bigdragon MadocOwain said: For gamers who play games that require Secure Boot for anti-cheat software, this could also mean they'd be unable to play. Nonsense. Secure Boot was never intended to support video game anti-cheat. I have my own custom DB certificates installed in addition to the Microsoft ones (2011 and 2023). The anti-cheat software is only looking to make sure Secure Boot is enabled and that Microsoft's binaries have established a chain of trust. Anti-cheat has never once complained about my custom certs or the binaries I've signed. Reply
MadocOwain bigdragon said: Nonsense. Secure Boot was never intended to support video game anti-cheat. I have my own custom DB certificates installed in addition to the Microsoft ones (2011 and 2023). The anti-cheat software is only looking to make sure Secure Boot is enabled and that Microsoft's binaries have established a chain of trust. Anti-cheat has never once complained about my custom certs or the binaries I've signed. I applaud your ingenuity, and would ask you to post a link to a blog about your experiences to share with other gamers who may not have implemented this solution. However, none of that invalidates my response. Reply
Jame5 "We continue to encourage customers to always use a supported version of Windows for best performance and protection." Then stop loading up your supported OS versions with bloatware/spyware/crapware. Reply
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/software/windows/SPONSORED_LINK_URL
- https://www.tomshardware.com/software/windows/microsoft-is-refreshing-secure-boot-certificates-to-plug-security-holes-before-they-happen-if-you-bought-a-pc-last-year-you-should-be-set#main
- https://www.tomshardware.com
- John Carmack muses using a long fiber line as an L2 cache for streaming AI data — programmer imagines fiber as alternative to DRAM
- Claimed 1,100% increase in AI-driven layoffs in 2025 might be misleading — firms accused of exaggerating AI performance to downplay poor business performance
- A monitor light bar is the most underrated upgrade you can make to your setup — but not all of them are born equal, so here’s how to choose one that fits you
- AI Copilot Keeps Berkeley’s X-Ray Particle Accelerator on Track
- Sony will ship its final Blu-ray recorders this month — exit from Japanese market the end of an era for the segment
Informational only. No financial advice. Do your own research.