VMware has not yet released an updated virtual hardware/BIOS package for this issue (only manual steps). Do we need to worry about the virtual hardware/Bios update offered by VMware if we’re already seeing the “Updated”/ WindowsUEFICA2023Capable =2 results we’re getting now within the registry? We also get the result of “True” using the verification command - ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).Bytes)) -match "Windows UEFI CA 2023".  From a compliance perspective, does this mean we’re covered? For that matter, do we even need to rename the NVRAM File?

We’ve also noticed that on some of our Server 2025 systems, even when the certificates seemingly updates itself successfully, the Secure Boot scheduled task fails with a “file not found” error. Is there a way to correct this? We are not sure how to address this. It appears to be a built‑in, “solid‑state” task.