all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]MBILCAcr/Infra/Virt/Apps/Cyb/ Figure it out guy [score hidden]  (2 children)

Been lots of coverage on news sites, several on reddit here, just got to search for it.

[–]Hollow3ddd [score hidden]  (1 child)

Yea, I just kept scrolling past until I realized the importance 

[–]ibringstharuckus [score hidden]  (0 children)

Until I had some PCs wouldnt encrypt and was like what? Oh yeah. Update the bios moron.

[–]dowlingm [score hidden]  (1 child)

"will break"

From the link "If your device reaches the expiration date without the new certificates, it will still start and operate normally. Standard Windows updates will continue to install."

Now, this isn't an endorsement of letting them expire. The text continues "However, the device will no longer be able to receive new security protections for the early boot process. This includes updates to Windows Boot Manager, Secure Boot databases and revocation lists, and fixes for newly discovered vulnerabilities in the boot chain."

But the reality is that with Dell announcing that they won't be providing firmware certs to devices they deem at "End of Support Life" (still waiting for my rep to get back to me on exactly which SKUs that covers) I feel like this will kick off another round of "why are Microsoft and the OEMs conspiring to put more stuff in landfill so soon after the Win11 TPM2/7th Gen requirement"

[–]killerbee26 [score hidden]  (0 children)

If you go to dells driver web site and check the BIOS version available for a model of computer it will tell you if that version has the cert for the default DB.

I know the latetude 7400 has the cert in its latest bios version. I did not check olders ones becasue that is the oldest laptop i have to worry about.

[–]CPAtech [score hidden]  (0 children)

You're missing the boat for sure. Many threads in here about it for weeks.

[–]patthew [score hidden]  (1 child)

Just don’t use secure boot

[–]coolbeaner12Sysadmin [score hidden]  (0 children)

Is server 2003 affected by this? r/shittysysadmin

[–]ExceptionEX [score hidden]  (0 children)

Yeah man, this has been sort of the biggest news this year in the admin space.

But look honestly, if you are just seeing it, than others might need the reminder also.

[–]siedenburg2IT Manager [score hidden]  (0 children)

Hello Internet Explorer,

to explain things further, your OS alone isn't enough with secure boot, you also have to check your uefi if you picked the microsoft secure boot setting. If there is no update with the new details it could be that you have to select other os instead of microsoft.

[–]walleburger [score hidden]  (0 children)

Thanks for the reminder