Updated on May 18 with new detail about the new folder Microsoft has quietly added to your all Windows PCs, and the scripts it contains.
In an “important” update last week, Microsoft confirmed that the Secure Boot certificate expiration that starts in June will affect “most Windows devices.” To avoid disruption, the company says “take action to update certificates in advance.”
Affected PC owners are told a”new ‘SecureBoot’ folder created by Windows 11’s May 2026 Update is expected behavior for Secure Boot certificates update and not a known issue.”Per Windows Latest, you don’t need to delete it, but you do need to “reboot your PC once or twice to finish applying the changes.”
Microsoft says failing to install the latest Windows update, which should refresh your Secure Boot certificates, “might affect the ability of certain personal and business devices to boot securely if not updated in time.” After you update, it’s likely that your PC will undergo a “one time restart” to load new certificates.
In a separate warning, Microsoft warns problems “could occur as early as June.” If a security update “cannot be delivered to your device’s current boot configuration,” because your PC “has not yet received the updated certificate,” you will see a “Secure Boot badge change to a red stop icon” in the Windows Security app.
Microsoft issued its latest update on May 12. It was then refreshed 24 hours later to add its “Secure Boot release note.” But the update was changed again on May 15, with a warning that this critical update may “fail to install.”
That gives Windows users a dilemma — given the need to ensure the update has been installed on PCs by June 1. Microsoft says the workaround for most users is likely a restart, albeit this will rollback the update. It’s unclear what this means for Secure Boot certificates that are wrapped into the software download.
There is a more nuanced Secure Boot warning in this week’s update as well. “With this update,” Microsoft says, “Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates.”
Not the clearest language for any worried users. And not helped by a cryptic warning that “devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.”
We will not know how many PCs are affected by this for some time.
Meanwhile, Neowin has picked up on the Secure Boot folder Microsoft has added in the latest Windows update, which it says just made it easier to install the mandatory crucial Windows 11 updates,” through what it describes as “centralized Secure Boot deployment scripts for even easier management.”
“For some reason,” Neowin says, “the company forgot to mention it in the initial release notes but later mended that by adding it in.” The change means that the Windows maker has now “compiled all the necessary resources into one place under the ‘ExampleRolloutScripts’ folder.”
This won’t affect home users, but is designed for “IT admins and system admins to automate the installations, via GPO (Group Policy Object) deployment, as well as monitor and keep track of the Secure Boot update status.”
Windows Latest says that while “in theory, this folder is meant for IT admins or enterprises, it’s being rolled out to everyone, including those who use Windows 11 Home. The ‘SecureBoot’ folder showed up on all my PCs, including my test virtual machines where Secure Boot 2023 certificates are already applied.”
There are seven Microsoft-authored PowerShell scripts in the new folder, designed to check the status of the Secure Boot certificates currently installed and then schedule updates as required. Nothing else on your PC will change.
