Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works

Microsoft's latest April 2026 Patch Tuesday update for Windows 11 and 10 delivers a crucial new security feature: a built-in status indicator for Secure Boot. This feature, found in the Windows Security settings under 'Device security,' now displays a color-coded icon (green, yellow, or red) alongside a descriptive message. It explicitly tells users whether their PC is protected with the latest Secure Boot certificates or is still using an older, expiring configuration that needs updating. This visual cue is part of Microsoft's push to ensure all devices transition to new certificates before the old ones expire in June 2026, which would otherwise leave systems vulnerable to bootkit attacks that target the startup process.

Beyond the Secure Boot dashboard, the April update is a massive security release, addressing a total of 164 documented vulnerabilities. This count is notably higher than typical monthly patches and includes 8 flaws rated as critical and 2 identified as zero-days—exploits already being used in attacks. Patch management firm Action1 has advised organizations to prioritize this update immediately due to its scope and severity. For end-users, the process is straightforward: installing the latest Windows updates via Settings > Windows Update will automatically deliver the new certificates. After updating, a green icon with the message 'all required certificate updates have been applied' confirms the system is protected against the upcoming certificate expiration and the patched critical vulnerabilities.