This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 21%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
Hello,
What's this? Do I need to take any action about it or just leave it alone?
Thanks very much😀
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 21%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hi Wilson T,
Try rebooting your computer, they get installed / replaced on the boot cycle and then recheck your event viewer. FYI I also have the 1801 event error number scatted amongst all the events, so I don't think you have too much to worry about. Let us know after rebooting if you still have 1801 coming up.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 60%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
I currently have the same issue and it broke the mirroring of my 2 HDD AGAIN, please can someone tell me how this is fixed in the BIOS thanks.
Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:4602;OEMModelNumber:System Product Name;OEMModelBaseBoard:ROG STRIX B450-F GAMING II;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:SKU;OSArchitecture:amd64;
BucketId: aa5b3f49388890199a8eade70fa35fb27d954c0eec70cd0b84ea26aae2e35872
BucketConfidenceLevel:
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 96%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
It does have an effect... it causes the computer to lag up to 30 seconds....a lifetime if you are trading stocks and options on the platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 32%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
With the optional update from October 28 (KB5067036), Microsoft introduced a CLI tool for the WinCS API. Install https://support.microsoft.com/en-us/topic/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe
Now install this PowerShell-Module:
Install-Module UEFIv2 -Force
You can list now the certificates:
Get-UEFISecureBootCerts db | select SignatureSubject
Which certificates are needed is listed here:
https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e
Now set the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E002"
Now, run the Scheduled Task Secure-Boot-Update.
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Reboot twice and check again for the certificates and the Event-Log.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 50%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
John Westfield This is the right answer, it worked for me. Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 9%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
I have a similar kind of issue. I have a Dell 7350 laptop and it keeps restarting every time I shutdown. When I checked the event log, same error is there. Would that be fixed by @John Westfield 's fix?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 4%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Great - just freaking great ...
PS C:\WINDOWS\system32> Get-UEFISecureBootCerts db | select SignatureSubject
Get-UEFISecureBootCerts : The 'Get-UEFISecureBootCerts' command was found in the module 'UEFIv2', but the module could not be loaded. For
more information, run 'Import-Module UEFIv2'.
At line:1 char:1
+ CategoryInfo : ObjectNotFound: (Get-UEFISecureBootCerts:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 84%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Hello, Wilson T.
If the OS is stable, you can ignore these messages. Judging by the information from the screenshot, they relate to updates from Lenovo (the manufacturer of your PC).
P.S. Even on a fully functional PC and a working OS, there are always similar messages in the Event Viewer. This is the normal behavior of the log collector.
It does make a difference.... see comment above
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 77%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
e.g. DELL will NOT update Optiplex 7050 UEFI (2017) because they let MS do the job.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 9%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
I have the same problem with Z690 AORUS ELITE AX DDR4 - last Bios updated to F33
Hi Gary Rogers,
I dont think Secure Boot certificate would cause an issue as far as 30 second freeze is concerned, what make and model is your computer, the drivers installed, this sounds far more likely to hardware/ software issue. I can help by pointing which logs to look at that might show which part is causing these delays, let me know.
Dell Pro Slim Plus QBS1250, all drivers updated via their website. I uploaded the logs to Dell, but no solution as of yet. Reset to original state and updated Windows 11 to latest patches and updated all drivers yet again. Still no solution to temporary freezes (10 sec. --- I exaggerated when I said 30 seconds because that's what it seemed like at the time).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 2%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
May not be an issue. Check your BIOS for your type of boot. If you are using the LEGACY boot, then you're not using the secure boot or the these keys anyway and so updating is NOT necessary. Life goes on, albeit with a once per month error in the event log.
DO NOT CHANGE from Legacy Boot to Secure Boot because this will require a reinstall of Windows, and I'm pretty sure you don't want to do that.
With the optional update from October 28 (KB5067036), Microsoft introduced a CLI tool for the WinCS API. Install https://support.microsoft.com/en-us/topic/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe
Now install this PowerShell-Module:
Install-Module UEFIv2 -Force
You can list now the certificates:
Get-UEFISecureBootCerts db | select SignatureSubject
Get-UEFISecureBootCerts kek | select SignatureSubject
Certificates which are updated are listed here:
WinCsFlags is going to update ALL FOUR certificates listed. Also the one stored in KEK.
Now set the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E002"
Now, run the Scheduled Task Secure-Boot-Update.
Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Reboot twice and check again for the certificates and the Event-Log.
If all is updated, you can set back the update configuration:
WinCsFlags.exe /apply --key "F33E0C8E001"
If this doesn't work, you're not using secure boot. But don't change because you'll have to reinstall Windows if you change the boot type
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 27%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Same issue appeared today. I especially like the part where it says "Review the published guidance to complete the update and ensure full protection." Yet, there is no info on the associated link that explains how to perform that cert update process for your typical Home user. Instead, they state that one must be familiar with the entire UEFI specification! MS is so F'd up!
I have the same problem. Additionally I get TPM rpoblems when installing Win11 25H2 as an inplace upgrade. The upgrade error log says that there is no 2023 certificate found so TPM can't be activated.
Error: 0x8007042B[gle=0x00000002]
this is annoying. No BIOS updates from DELL at the moment.
I cleared my TPM in BIOS, didn'T work.
found in C:$WINDOWS.~BT\Sources\Panther\setuperr.log:
USE_EX_BINS flag is specified, but 2023 cert is not in db
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 81%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
Hello everyone, this is also happenning to me since update KB5072033 on a DELL notebook.
Updating bios firmware Is a sensitive thing to do, with serious risks If It doesn't go smoothly In the process, wether during the transfer of new firmware or others unavoidable errors.
According to the event message, firmware update Is necessary to obtain new secure boot certificates:
Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: FirmwareManufacturer:Dell Inc.;FirmwareVersion:1.41.0;OEMManufacturerName:Dell Inc.;OEMModelSKU:0A2A;OSArchitecture:amd64;
BucketId: 9d4d5fe09666dcf953773d7e24d1b67ec15e85b79f11d85a65011cf455e9186d
BucketConfidenceLevel:
UpdateType:
*For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
*So, which Is the recommended path to mantain security on this case? Updating DELL BIOS firmware or ignore the message?
Thank you