Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected – how it works

Lance Whitney/ZDNET



ZDNET’s key takeaways

  • Windows will now tell you if Secure Boot is working properly.
  • The new status indicates whether you have the latest Secure Boot updates.
  • The April Windows update also patches a whopping 164 security flaws.

Microsoft’s Secure Boot defends your Windows PC against dangerous bootkit malware. To keep your PC protected, the company has been racing to replace older Secure Boot certificates before they expire in June. But how do you know if your PC has received the newer certificates? Windows itself will now tell you.

Arriving this week with the April Patch Tuesday updates for Windows 11 and Windows 10 is a new visual clue and description to indicate the status of Secure Boot on your computer. The new information will tell you whether you’re protected with the latest certificates or still at risk. Here’s how this works.


In Windows 11, go to Settings, select Privacy & security, choose Windows Security, and then click Device security. Scroll down to the Secure Boot setting. In Windows 10, head to Settings, select Update & security, choose Windows Security, and then click Device Security. Scroll down to the Secure Boot setting.

Secure Boot icon appears in one of three colors  

Depending on your status, the Secure Boot icon will appear in one of three colors — green, yellow, or red. A green icon means that your device is protected with no recommended actions. A yellow icon indicates a safety recommendation is awaiting you. A red icon indicates that something needs your immediate attention.

However, even a green icon doesn’t necessarily mean you’re in the clear. The message that accompanies the icon provides further details.

On a spare Windows PC that I haven’t updated in quite a while, the green icon appeared. However, the message told me: “Secure Boot is on, but your device is using an older boot trust configuration that should be updated.” On my main PC, where Secure Boot is enabled and up to date, the message said: “Secure Boot is on, and all required certificate updates have been applied.”

To get the new Secure Boot certificates, just make sure you’ve applied the latest Windows updates. In Windows 10 Settings, head to Update & Security, select Windows Update, and then click the button to check for updates. In Windows 11 Settings, just go to Windows Update and click the button to check for updates. Allow the latest updates to download and install, and then check the Secure Boot status again.
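For administrators who want to check the same thing from a command line, the following is an added example, not code from ZDNET or Microsoft. It uses the built-in `Confirm-SecureBootUEFI` and `Get-SecureBootUEFI` cmdlets. The function name is hypothetical, and the two certificate names it looks for (Microsoft's 2023 replacements) are an assumption, since the article does not name them.

```powershell
# Added example. Run in an elevated PowerShell session on a UEFI system.
function Get-SecureBootCertStatus {
    # Confirm-SecureBootUEFI returns $true/$false; it throws on legacy BIOS
    # systems or when the session is not elevated.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            SecureBootEnabled = $null
            Summary           = "Cannot query Secure Boot: $($_.Exception.Message)"
        }
    }

    # Helper: does the named UEFI variable (db, KEK) hold a certificate whose
    # subject contains $Name? This is a substring match on the raw variable bytes.
    $hasCert = {
        param($Variable, $Name)
        try {
            $bytes = (Get-SecureBootUEFI -Name $Variable -ErrorAction Stop).Bytes
            [System.Text.Encoding]::ASCII.GetString($bytes).Contains($Name)
        } catch { $false }
    }

    # Assumption: Microsoft's published 2023 CA names; not listed in the article.
    $checks = [ordered]@{
        'db: Windows UEFI CA 2023'                  = & $hasCert 'db'  'Windows UEFI CA 2023'
        'KEK: Microsoft Corporation KEK 2K CA 2023' = & $hasCert 'KEK' 'Microsoft Corporation KEK 2K CA 2023'
    }
    $missing = @($checks.Keys | Where-Object { -not $checks[$_] })

    $summary = if (-not $enabled) {
        'Secure Boot is off'
    } elseif ($missing.Count -eq 0) {
        'Secure Boot is on; 2023 certificates found'
    } else {
        'Secure Boot is on; 2023 certificates not found'
    }

    [pscustomobject]@{
        SecureBootEnabled = $enabled
        Missing           = $missing -join '; '
        Summary           = $summary
    }
}

Get-SecureBootCertStatus | Format-List
```

The summary is an approximation based on certificate presence only; it is not the logic the Windows Security app uses to pick its icon and message.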

Secure Boot is an important security feature as it thwarts bootkit malware as soon as you turn on your PC, something that Windows-based security software can’t handle. That’s why you should make sure you’re using the latest Secure Boot certificates. Come June, the older ones will expire, which means Secure Boot will no longer be able to properly protect you.

Zero-days and multiple critical issues, too

Outside of the Secure Boot status, the April Windows updates are loaded with security fixes. In fact, this month’s update addresses a whopping 164 vulnerabilities, well above the usual number. Eight of the security bugs are rated critical, while two are deemed zero-day flaws. For that reason alone, make sure you’re running the latest update in Windows 11 or 10.

“The elevated number of patches, combined with the presence of zero-days and multiple critical issues, makes this a release that should be prioritized for immediate attention,” patch management provider Action1 said in an advisory.
