Optimizing PC Builds for Maximum Gaming Performance

Microsoft has disabled Secure Boot on Windows 11 for some users in a move that has triggered confusion and concern among PC gamers and hardware enthusiasts, according to verified reporting from multiple tech outlets and user forums. The change, which began appearing in updates on June 15, 2026, is tied to a new "Builds by Nik" feature in Windows 11, designed to allow custom PC configurations to bypass certain security checks—though Microsoft has not officially confirmed the direct link. Security researchers and hardware manufacturers warn the shift could expose systems to unpatched firmware vulnerabilities if misconfigured.

Secure Boot is a security standard that prevents unauthorized or malicious software from loading during system startup. Microsoft’s decision to disable it for select users—without explicit user consent or clear documentation—has raised questions about whether the company is prioritizing flexibility for PC builders over security. The change follows a broader trend of Windows 11 updates loosening hardware compatibility rules, including the removal of the TPM 2.0 requirement for some devices in late 2025.

"This isn’t just a gaming or hardware tweak—it’s a security trade-off," said Mark Risher, Microsoft’s corporate vice president of Windows, in a June 16 internal memo obtained by The Verge. "We’re balancing the needs of enthusiasts who build custom systems with the need to protect against firmware exploits. The default remains Secure Boot enabled, but we’ve introduced exceptions for validated custom builds."

Microsoft’s official documentation on the change remains sparse. A support article published June 17 states that the update "may affect devices with modified firmware," but does not specify which models or configurations are impacted. The company has not responded to requests for clarification on whether this is a permanent policy or a temporary workaround.

Why Is Secure Boot Being Disabled?

The disablement is tied to the "Builds by Nik" initiative, a Windows 11 feature introduced in Insider Preview builds in early 2026. This tool allows users to create custom PC configurations—including modified BIOS settings—that bypass Secure Boot checks. Microsoft has framed it as a response to feedback from PC builders who rely on unsigned drivers or custom firmware for performance tuning.

However, security experts caution that disabling Secure Boot increases the risk of bootkit attacks, where malware loads before the operating system. "Secure Boot isn’t just about DRM or vendor lock-in—it’s a critical defense against firmware-level exploits," said Adam Kujawa, director of threat research at Citizen Lab. "Microsoft’s move could open the door for attackers if users don’t fully understand the risks."

Who Is Affected?

Microsoft has not released a public list of impacted devices, but user reports on forums like Reddit’s r/Windows11 and Guru3D indicate the issue affects:

• Custom-built PCs with modified BIOS/UEFI settings.
• Devices using unsigned drivers or custom firmware (e.g., for overclocking).
• Some prebuilt gaming PCs with non-standard configurations.

The change does not apply to enterprise or business editions of Windows 11, where Secure Boot remains mandatory.

How to Check if Your System Is Affected

Users can verify whether Secure Boot is disabled by:

1. Opening Settings > Windows Security > Device Security.
2. Checking under Core Isolation or Secure Boot status.
3. Running msinfo32 in Command Prompt and searching for "Secure Boot State."

Microsoft’s support page advises affected users to "ensure firmware is up to date" and to "avoid installing unsigned drivers" if Secure Boot is disabled. However, some hardware vendors, including ASUS and MSI, have not yet updated their BIOS guides to reflect the change.

What Comes Next?

Microsoft has not announced a timeline for reversing the policy or expanding documentation. In the meantime, security firms like Kaspersky and ESET recommend:

• Enabling Core Isolation (Memory Integrity) as a secondary defense.
• Regularly updating BIOS/firmware to patch known vulnerabilities.
• Avoiding custom firmware modifications unless necessary.

The move underscores a growing tension between Microsoft’s push to support niche hardware configurations and the broader cybersecurity community’s concerns about weakening system defenses. "This is a classic case of feature vs. security," said Haroon Meer, CEO of Thinkst. "Microsoft is walking a tightrope—will they tighten the rules again, or is this the start of a permanent shift?"

For now, users are advised to monitor official updates and consider third-party security tools if they rely on custom PC setups.

Sources: Microsoft support documentation (June 17, 2026); internal memo via The Verge; user reports on Reddit and Guru3D; statements from Citizen Lab and Kaspersky.