Microsoft has just confirmed there are now 1.6 billion Windows users — most of whom are affected by its decision to terminate critical Secure Boot certificates for the first time since 2011. April’s various Windows updates included new status updates and refreshed certificates for all eligible PCs. Check yours now.

Microsoft says that following these changes to Windows Update, the security app will "show whether devices have received these updates, their current status, and whether action is needed" under Device Security > Secure Boot. This escalates to a “red (critical)” warning in 10 days, affecting all PCs where action is needed.

The original Secure Boot certificates start expiring in June, by which time you need to ensure you have installed new ones. If not, Microsoft warns , “this limits the device’s protection against emerging threats and may affect scenarios that rely on Secure Boot trust, such as BitLocker hardening or third-party bootloaders.”

Microsoft explains that “enhancements in the Windows Security app that provide additional information about Secure Boot certificates will roll out in two phases.”

Phase 1 of the changes hit PCs last month. New icon badges “reflect the current certificate state. During Phase 1, badges are either green or yellow (caution), and the user can select the dismissal option to revert a yellow icon badge to green.”

The more critical Phase 2 will hit Windows 10 users on May 13 and Windows 11 users on May 16. During Phase 2, “security app notifications for actionable and unserviceable Secure Boot states” will show a yellow caution state or a red critical state. You should check for this on your PC after those dates.

Microsoft says that if yellow, users can “select dismissal option to suppress new notifications for this state.” Whereas if the state is red, there will be an option “for the user to select ‘I accept the risks, don’t remind me.’” If you do that, Windows Update “reverts badges to ‘green’ and suppresses all new notifications.”

While the initial status update hit in April, Microsoft was clear at the time that it would start to escalate user warnings on PCs without new certificates as the June deadline approaches. That starts this month. Take action if advised.

“Most Windows devices will receive the updated certificates automatically,” Microsoft says, “and many OEMs provide firmware updates when needed. Keeping your device current with these updates helps ensures it can continue receiving the full set of security protections that Secure Boot is designed to provide.”