This cumulative update addresses critical virtualization issues and includes security improvements from the previous July 8, 2025, security update (KB5062553), while also delivering an important warning about upcoming Secure Boot certificate expiration.
The primary focus of this OOB update centers on resolving a significant issue affecting Azure Virtual Machines with Trusted Launch disabled.
The problem prevented certain virtual machines from starting when Virtualization-Based Security (VBS) was enabled, specifically impacting VMs using the non-default version 8.0 configuration where VBS was offered by the host environment.
This critical fix particularly affects standard (non-Trusted Launch) General Enterprise (GE) VMs running on older VM SKUs within Microsoft’s Azure cloud platform.
The root cause was identified as a secure kernel initialization issue that disrupted the boot process for affected virtual machines.
System administrators managing Azure deployments should prioritize this update to ensure continued VM functionality and prevent potential service disruptions.
Microsoft has issued a crucial advisory regarding Windows Secure Boot certificates used by most Windows devices, which are scheduled to expire starting in June 2026.
This expiration could significantly impact the ability of both personal and business devices to boot securely if certificates are not updated in advance.
The company strongly recommends that IT administrators and users review the guidance documentation titled “Windows Secure Boot certificate expiration and CA updates” to understand the preparation steps required.
Proactive certificate management will be essential to avoid widespread boot failures across Windows deployments when the expiration date approaches.
The update package combines the latest Servicing Stack Update (SSU) KB5063666 with version 26100.4651, ensuring robust and reliable servicing stack functionality for future Windows updates.
This combined approach streamlines the update process while maintaining system stability.
Installation is available through multiple channels, including Windows Update, Business Catalog, and Server Update Services.
For enterprise environments requiring update removal, administrators can use the DISM/Remove-Package command line option with the LCU package name as the argument.
However, the Windows Update Standalone Installer (wusa.exe) with the /uninstall switch will not work on the combined package due to SSU integration.
Microsoft reports no known issues with this update, making it a safe deployment for production environments.
The cumulative nature ensures that all previous security fixes and improvements remain intact while addressing the critical virtualization problems identified in Azure environments.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
The post Microsoft Warns – Windows Secure Boot Certificate Expired in June appeared first on Cyber Security News.
Crimson Desert has hit a new Steam concurrent player peak during its second weekend, after…
Project Hail Mary has hurtled past the $300 million mark at the global box office,…
Today, for the first time in forever, Disneyland Paris has officially opened up the gates…
A new weekend has arrived, and today, you can save big on Death Stranding 2:…
Netflix in April will take us back to Hawkins, Indiana, for a Stranger Things animated…
If you're organizing an Easter egg hunt for the kids (or an ironic after-church party…
This website uses cookies.