April Windows Update Adds New Secure Boot Status Information
Microsoft’s latest Patch Tuesday is a major security release, with 8 critical flaws and an actively exploited zero-day vulnerability. PC owners are urged to update as quickly as possible.
For Windows 11 users, that process is straightforward. But for the hundreds of millions still using Windows 10, continued protection depends on Microsoft’s extended support.
What changes in April is not the usual monthly security cycle itself, but what Windows users will now see inside the Windows Security app. Starting in April 2026, the app shows added details about the status of Secure Boot certificate updates on a device. This information appears under Device security > Secure Boot.
Why the Secure Boot Certificate Change Matters
Microsoft Is Expiring Secure Boot Certificates for the First Time
This marks a first. After 15 years, Microsoft is expiring Secure Boot certificates for the first time. Those certificates trace back to an issue from 2011, and unless a PC is less than two years old, it is still likely relying on them.
Those certificates expire in June. By then, devices need to have the 2023 Secure Boot certificates installed to remain protected.
That makes this update especially important. The new update status check and the new certificates are both built into the latest security update, which means the April release is doing more than routine patching. It is also giving users visibility into whether their system is ready for the Secure Boot certificate deadline ahead.
Windows 10 Users Need Eligibility for the Update
There’s a practical consequence here. If a device is not eligible for this update, it will not receive the alert and it will not receive the new certificates either.
That’s a serious distinction for Windows 10 users who still need Microsoft’s extended support. Without eligibility, there is no built-in warning and no certificate delivery through this update path.
How Windows Security Now Shows Secure Boot Certificate Status
Microsoft has updated its guidance to make the change clear: the updated 2023 certificates are being delivered automatically through Windows Update, and the Windows Security app now indicates whether a device has received those updates, what the current status is, and whether anything still needs to be done.
Where to Check Secure Boot Status
Users can find this information in the Windows Security app by going to:
- Device security
- Secure Boot
Once there, the status is shown with visual indicators and supporting text.
What the Green, Yellow, and Red Badges Mean
Microsoft says a green, yellow, or red badge attached to the Secure Boot icon reflects the current Secure Boot status. Alongside the badge, users will also see text guidance with more detail.
That matters because the badge alone is not enough.
A Green Checkmark Is Not Enough on Its Own
Microsoft explicitly warns that a green checkmark by itself does not prove the certificates are updated. Users also need to look for the text confirming the full status.
The wording to check for is:
“Secure Boot is on and all required certificate updates have been applied. No further certificate changes are needed.”
Without that message, a green icon alone should not be treated as final confirmation.
This is one of the most important details in the update because it changes how users should interpret what they see. A quick glance is no longer enough. The full text matters.
April Is the First Step, May Adds More Warnings
The April change introduces the Secure Boot status check inside the app. But Microsoft says this is only the beginning.
Starting in May 2026, additional improvements will roll out. These include notifications outside the app, such as system alerts, along with more in-app guidance and controls to help users respond to Secure Boot warnings.
That means the warning system is expanding beyond a single screen inside Windows Security. Users will begin seeing stronger prompts and more direct guidance as the June deadline gets closer.
What Windows Users Need to Do Before the June Deadline
Install the Latest Security Update
The immediate step is to install the latest security update. That update includes both the new certificate status check and the delivery mechanism for the new certificates.
Check the Secure Boot Section in Windows Security
After updating, users should open the Windows Security app and review the Secure Boot section under Device security. The goal is not just to see a badge, but to confirm the full message that says all required certificate updates have been applied.
Make Sure the Device Is Eligible
If a device is not eligible for the update, it will not receive the alert or the new certificates. For users still on Windows 10, this is especially important because ongoing protection depends on extended support.
Do Not Wait for the Deadline
The certificates expire in June, and Microsoft is already surfacing the warnings now. Additional alerts begin in May, which makes the direction unmistakable: users are expected to act before the deadline rather than after it.
Why This Windows Update Stands Out
Most monthly Windows updates are familiar. They patch flaws, fix urgent issues, and move on. This one is different because it combines a major security release with a visible platform change that affects how users monitor device readiness.
The update does three things at once:
- fixes critical vulnerabilities
- delivers updated 2023 Secure Boot certificates automatically through Windows Update
- adds a new status system inside the Windows Security app
And that last part is what makes this shift feel unusually significant. Microsoft is no longer leaving certificate status in the background. It is putting the information directly in front of users, then following it with broader alerts in the next phase.
Secure Boot Warnings Are About to Become Harder to Ignore
In April, the change shows up in the app. In May, it expands into system alerts and added guidance. By June, the older certificates expire.
That sequence is the real message here. Microsoft is building a clearer warning path so users can see their Secure Boot certificate status, understand whether action is required, and respond before the deadline arrives.
Put simply, the update is no longer just about installing patches. It is now also about confirming certificate readiness and paying attention to the exact status Windows reports.