Microsoft’s latest Windows 11 updates are triggering extra reboots on some machines. Users see their PCs restart twice, sometimes three times. Panic sets in. Is the system broken? No. It’s Secure Boot doing its job.
The company laid it out clearly on its Windows release health dashboard. “With recent and upcoming Windows updates over the next few months, a limited number of consumer and business devices might experience one additional restart during installation,” Microsoft stated. “This one-time restart occurs after a Secure Boot certificate update is applied as part of the Secure Boot update process.”
Secure Boot blocks malware from loading before the operating system kicks in. Rootkits? No chance. But the certificates enabling this feature date back to 2011. They expire in June 2026. Miss the switch to 2023 versions, and devices could face boot failures or blocked updates. Microsoft started the rollout earlier this year, phasing it through monthly patches.
Take the April 2026 updates. KB5083769 and KB5083631 pushed the changes wider. Windows Latest reported users watching installs drag on for 20 minutes, fearing boot loops. One tester described the dread: PC powers off once for the update. Then again. Then maybe a third time. Natural to worry.
But here’s the reality. Normal monthly updates need one reboot. Feature updates or driver installs might demand more. Secure Boot cert swaps add that extra step because firmware integration requires it. Devices get the new keys only after proving stability via update signals. High-confidence targeting keeps it controlled.
Not every PC hits this. Limited consumer and business devices only. Check status in Windows Security app under Device security > Secure Boot. Green badge? All good, updated. Yellow? Older config, update coming. Red? Action needed, often OEM firmware help. Microsoft added these badges for Pro and Home users in April 2026. Notifications follow in May.
And complications arise. Firmware glitches block certs on older hardware. Thousands of machines reportedly affected. BitLocker users face recovery prompts if Secure Boot shifts without suspension—PCR measurements change. IT admins scramble with Intune or Group Policy to force registry keys like AvailableUpdates set to 0x5944, trigger tasks, reboot twice.
TechRadar captured the user side first. “When your PC restarts for a third time during what should be a simple update, it’s only natural to start fearing that something’s wrong,” they wrote. Microsoft insists it’s intentional. Over the next months, expect more. May’s update lands soon.
Enterprise fleets feel it hardest. Domain controllers crash in multi-domain setups with Privileged Access Management post-April patches, as noted in KB5082063 release notes. LSASS failures loop restarts. Separate but timing overlaps with cert pushes.
So what now? Let it run. Multiple reboots signal success—the new cert landed. Pause if spooked, but don’t. Firmware updates from OEMs help older rigs. For manual checks, PowerShell: Confirm-SecureBootUEFI. See 2023 certs in DB? Done.
This isn’t Windows Update’s first rodeo. Past Patch Tuesdays brought BSODs, install loops. October 2024’s KB5044284 locked media installs from future patches. April 2026 KB5083769 wrecked backups—Acronis, UrBackup timed out. Patterns emerge. Microsoft phases, monitors, fixes. But insiders know: test fleets first.
Deadlines loom. June 2026 hits soon. Unpatched devices risk everything. IT pros deploy playbooks now—automation scripts, Defender reports, Autopatch. Consumers? Update. Reboot. Relax.
Microsoft’s message rings clear. Timely cert swaps preserve startup integrity, keep updates flowing. Ignore it, pay later. Those extra restarts? Badge of security honor.
WebProNews is an iEntry Publication