Microsoft Warns: Secure Boot Bypassed by Expired Windows UEFI
Microsoft has patched a critical security feature bypass vulnerability in Windows Secure Boot certificates, tracked as CVE-2026-21265. This fix was released as part of its January 2026 Patch Tuesday updates.
The flaw stems from expiring 2011-era certificates that underpin Secure Boot’s trust chain, potentially allowing attackers to disrupt boot integrity if unpatched.
Rated Important with a CVSS v3.1 base score of 6.4, the issue requires local access, high privileges, and high attack complexity, making exploitation less likely.
CVE-2026-21265 arises because Microsoft certificates stored in UEFI KEK and DB are nearing expiration dates in mid-2026, risking Secure Boot failure without updates.
Firmware defects in the OS’s certificate update mechanism can disrupt the trust chain, compromising Windows Boot Manager and third-party loaders. The vulnerability has been publicly disclosed but not yet exploited in the wild, and Microsoft urges immediate deployment of the 2023 replacement certificates.
Three key 2011 certificates must be renewed to sustain Secure Boot:
| Certificate Authority | Location | Purpose | Expiration Date |
|---|---|---|---|
| Microsoft Corporation KEK CA 2011 | KEK | Signs updates to DB and DBX | 06/24/2026 |
| Microsoft Corporation UEFI CA 2011 | DB | Signs 3rd party boot loaders, Option ROMs | 06/27/2026 |
| Microsoft Windows Production PCA 2011 | DB | Signs the Windows Boot Manager | 10/19/2026 |
Failure to update exposes devices to boot-time attacks, as noted in Microsoft’s November 2025 advisory.
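A quick way to see where a single machine stands against the table above, as an added example (not code from Microsoft or from this article). The 2011 names and dates come from the table; the 2023 certificate names are an assumption taken from Microsoft's Secure Boot certificate guidance, and the substring match over the raw variable bytes is an inventory heuristic, not a full certificate parse.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI system.
$expected = @(
    # 2011 certificates and expiration dates, from the table above
    @{ Var = 'KEK'; Name = 'Microsoft Corporation KEK CA 2011';     Expires = '2026-06-24' }
    @{ Var = 'db';  Name = 'Microsoft Corporation UEFI CA 2011';    Expires = '2026-06-27' }
    @{ Var = 'db';  Name = 'Microsoft Windows Production PCA 2011'; Expires = '2026-10-19' }
    # 2023 replacements: names assumed from Microsoft's guidance, not stated on this page
    @{ Var = 'KEK'; Name = 'Microsoft Corporation KEK 2K CA 2023';  Expires = $null }
    @{ Var = 'db';  Name = 'Windows UEFI CA 2023';                  Expires = $null }
    @{ Var = 'db';  Name = 'Microsoft UEFI CA 2023';                Expires = $null }
)

# Read each UEFI variable once. Certificate subject names are stored as ASCII
# text inside the DER blobs, so a substring search is enough for an inventory.
$store = @{}
foreach ($var in 'KEK', 'db') {
    try {
        $bytes = (Get-SecureBootUEFI -Name $var -ErrorAction Stop).Bytes
        $store[$var] = [System.Text.Encoding]::ASCII.GetString($bytes)
    } catch {
        # Legacy BIOS boot, a non-elevated session, or no Secure Boot support
        Write-Warning "Cannot read UEFI variable '$var': $_"
        $store[$var] = $null
    }
}

# One row per certificate: is it enrolled, and how long until it expires?
$report = foreach ($c in $expected) {
    $text = $store[$c.Var]
    [pscustomobject]@{
        Variable    = $c.Var
        Certificate = $c.Name
        Present     = if ($null -eq $text) { 'unknown' } else { $text.Contains($c.Name) }
        DaysLeft    = if ($c.Expires) { ([datetime]$c.Expires - (Get-Date)).Days } else { $null }
    }
}
$report | Format-Table -AutoSize

# Confirm-SecureBootUEFI throws on platforms without UEFI Secure Boot
"Secure Boot enabled: $(try { Confirm-SecureBootUEFI -ErrorAction Stop } catch { 'unknown' })"
```

A machine that reports the 2011 entries as present and the 2023 entries as absent has not yet received the replacement certificates in its firmware variables.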
Affected Systems and Patches
Patches target legacy Windows Server and extended-support editions, all marked as customer action required.
| Product | KB Article | Build Number | Update Type |
|---|---|---|---|
| Windows Server 2012 R2 (Core) | 5073696 | 6.3.9600.22968 | Monthly Rollup |
| Windows Server 2012 R2 | 5073696 | 6.3.9600.22968 | Monthly Rollup |
| Windows Server 2012 (Core) | 5073698 | 6.2.9200.25868 | Monthly Rollup |
| Windows Server 2012 | 5073698 | 6.2.9200.25868 | Monthly Rollup |
| Windows Server 2016 (Core) | 5073722 | 10.0.14393.8783 | Security Update |
| Windows Server 2016 | 5073722 | 10.0.14393.8783 | Security Update |
| Windows 10 Version 1607 x64 | 5073722 | 10.0.14393.8783 | Security Update |
| Windows 10 Version 1607 x86 | 5073722 | 10.0.14393.8783 | Security Update |
Organizations with IT-managed or Microsoft-managed updates should prioritize deployment. Verify firmware compatibility to avoid post-patch boot issues.