The warning on Windows is becoming harder to ignore. Microsoft is tightening how it flags Secure Boot status, and for devices that still need action, the alert can escalate to a red critical warning within 10 days.
The change matters because Secure Boot is tied to a new certificate rollout that must be in place before the old one expires in June. Microsoft says the updated certificate is needed so protection continues to work as designed, and the company is pushing users to check their devices in Windows Security.
What users will see in Windows Security
The notice is centered in Windows Security under Device Security > Secure Boot. There, users can check whether the device has received the update, what the current status looks like, and whether anything still needs to be done.
Microsoft has already started changing how the warning appears. The first stage arrived on PCs last month and introduced a new badge showing the current certificate status, with green and yellow caution states.
At that stage, users could still dismiss the warning and return the badge from yellow to green. The second stage is more serious because it adds actionable and non-actionable notifications, depending on the device’s status.
Why the 10-day escalation matters
For PCs that still need action, Microsoft says the warning will move to red critical after 10 days. That escalation is meant to make the deadline more visible as the old certificate gets closer to expiring.
The company began the second phase for Windows 10 users on May 13 and for Windows 11 users on May 16. Microsoft advises users to review their PCs after those dates so the Secure Boot status stays clear.
If the device remains unupdated, the effect goes beyond a notification change. Microsoft warns that protection against newer threats may be reduced, including scenarios that depend on Secure Boot trust such as BitLocker reinforcement or third-party bootloaders.
What options remain for users
When the status is still yellow, users can use the dismissal option to stop new notifications for that condition. If the warning turns red, Windows shows a different option: “I accept the risks, don’t remind me.”
Selecting that option causes Windows Update to return the badge to green and suppress future notifications. Even so, the underlying risk does not disappear if the new certificate has not actually been installed.
That is why a green badge after dismissal should not be read as a guarantee that everything is fixed. It only means the warning no longer appears, not that the device has been fully protected by the new update.
Most devices should update automatically
Microsoft says most Windows PCs will receive the updated certificate automatically. In many cases, OEMs also provide firmware updates when needed, so users do not always need to handle the process manually.
The company also stresses that keeping devices up to date helps ensure PCs continue to get the full protection Secure Boot is designed to provide. When Windows Security says action is required, Microsoft recommends checking for available updates right away.
The timing is especially important because the early warning phase already appeared in April, and Microsoft has been signaling that the alert would become stronger as June approached. With 1.6 billion confirmed Windows users, the shift affects a very large number of devices as the company closes out the old certificate’s lifespan.