I've got a dusty old Windows 11 system running in a virtual machine, and when I booted it up the other day I was met not with MS's usual login prompt but instead w/ a BitLocker recovery blue screen.
Then I remembered the cause (when all else fails, check your own site doh!): As we warned in January 2026, Microsoft is expiring a bunch of older Windows Secure Boot certificates in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new certificates can no longer receive Secure Boot security fixes.
Fortunately in this case I was able to recover the Win11 system and update the certificates by pasting the supplied recovery key at aka.ms/myrecoverykey. But I suspect things can get far more complicated for organizations having to deal with this on a large number of machines.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/






