Share via

Secure Boot certificates have been updated but are not yet applied

Wilson T 155 Reputation points
2025-12-09T05:17:43.8733333+00:00

Hello,

User's image

What's this? Do I need to take any action about it or just leave it alone?

Thanks very muchπŸ˜€

Windows for home | Windows 11 | Performance and system failures
Answer accepted by question author
  1. Alexandr S 101.5K Reputation points Independent Advisor
    2025-12-09T06:03:24.0433333+00:00

    Hello, Wilson T.

    If the OS is stable, you can ignore these messages. Judging by the information from the screenshot, they relate to updates from Lenovo (the manufacturer of your PC).

    P.S. Even on a fully functional PC and a working OS, there are always similar messages in the Event Viewer. This is the normal behavior of the log collector.

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael Held 15 Reputation points
    2025-12-10T22:40:34.8533333+00:00

    I have the same problem. Additionally I get TPM rpoblems when installing Win11 25H2 as an inplace upgrade. The upgrade error log says that there is no 2023 certificate found so TPM can't be activated.

    Error: 0x8007042B[gle=0x00000002]

    this is annoying. No BIOS updates from DELL at the moment.

    I cleared my TPM in BIOS, didn'T work.

    2 people found this answer helpful.
  2. Gonzalo 5 Reputation points
    2025-12-10T03:43:55.55+00:00

    Hello everyone, this is also happenning to me since update KB5072033 on a DELL notebook.
    Updating bios firmware Is a sensitive thing to do, with serious risks If It doesn't go smoothly In the process, wether during the transfer of new firmware or others unavoidable errors.
    According to the event message, firmware update Is necessary to obtain new secure boot certificates:

    Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.

    DeviceAttributes: FirmwareManufacturer:Dell Inc.;FirmwareVersion:1.41.0;OEMManufacturerName:Dell Inc.;OEMModelSKU:0A2A;OSArchitecture:amd64;

    BucketId: 9d4d5fe09666dcf953773d7e24d1b67ec15e85b79f11d85a65011cf455e9186d

    BucketConfidenceLevel:

    UpdateType:

    *For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.

    *So, which Is the recommended path to mantain security on this case? Updating DELL BIOS firmware or ignore the message?
    Thank you

    1 person found this answer helpful.
    0 comments
  3. tocguy 95 Reputation points
    2025-12-18T18:08:18.57+00:00

    Same issue appeared today. I especially like the part where it says "Review the published guidance to complete the update and ensure full protection." Yet, there is no info on the associated link that explains how to perform that cert update process for your typical Home user. Instead, they state that one must be familiar with the entire UEFI specification! MS is so F'd up!

    1 person found this answer helpful.
    0 comments
  4. Edward エ ド γƒ― ド γ‚’ デ γ‚£ パ ッ γƒˆ ラ γƒΌ Adiputra 0 Reputation points
    2025-12-19T02:31:50.02+00:00

    i have same issue. after update windows 11 (os build 26100.7462) if im launch delta force always green screen and im check event viewer show problem source TPM-WM and event id: 1801.

    general description
    Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.

    DeviceAttributes: BaseBoardManufacturer:ASRock;FirmwareManufacturer:American Megatrends International, LLC.;FirmwareVersion:L2.33

    please microsoft fix that!

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.