Rufus, the open-source bootable USB creation tool relied upon by millions of IT professionals and enthusiasts, has just released its 4.10 beta with a handful of targeted updates that directly address the real-world pains of mass Windows migrations. The beta introduces an official dark mode, support for creating Windows 11 25H2 media that complies with Microsoft’s revised “Windows UEFI CA 2023” signing scheme, and a fix for a long-standing crash triggered by ISO file paths exceeding 256 characters. For administrators staring down the October 14, 2025 end-of-support deadline for Windows 10, these changes arrive as welcome, if modest, improvements to a workflow backbone.

Microsoft will cease providing security and feature updates for standard editions of Windows 10 on that date, pushing organizations and individual users to either upgrade to Windows 11, enroll in paid Extended Security Updates, or accept increased risk. The pressure is compounded by recent changes to Windows boot signing: Microsoft’s rotation of UEFI signing certificates and the phased rollout of the “Windows UEFI CA 2023” trust anchor have made creating future-proof installation media more complex. Rufus 4.10 beta squarely targets these friction points, offering a streamlined way to generate media that aligns with the updated security model.

A Long-Awaited Dark Mode for Eye-Strain Relief

The beta’s most immediately noticeable addition is its integrated dark theme, a feature users have requested for years across numerous GitHub issues and pull requests. Developer contributions (credited to @ozone10) have finally delivered an official UI mode that reduces glare during late-night imaging sessions or in dimly lit server rooms. This is not a superficial skin; the implementation involved deep integration with the UI framework, ensuring consistent appearance across menus, drop-downs, and notification panels.

For technicians who spend hours crafting bootable drives—often in less-than-ideal lighting—the dark mode is a genuine quality-of-life improvement. It joins a broader industry trend of dark-mode-adopting developer tools and signals that the Rufus project values ergonomics alongside raw capability. While the feature may seem cosmetic, its absence had been a frequent pain point, and its inclusion in this beta demonstrates maturity in responding to community feedback.

Windows CA 2023 and 25H2: Future-Proofing Boot Media

The most technically significant addition is the ability to create “Windows CA 2023 compatible media.” This directly addresses the Secure Boot and boot manager signing changes that Microsoft started rolling out in 2023. When you supply a Windows 11 25H2 ISO (the release currently in preview channels), Rufus can now produce a USB drive that will boot reliably on systems with up-to-date UEFI revocation databases that trust the new certificate authority.

Microsoft’s shift to the Windows UEFI CA 2023 signing model was a response to vulnerabilities like BlackLotus, which exploited weaknesses in the existing boot manager signing chain. The updated model revokes older, potentially compromised boot loaders and requires media to be signed with the new certificate. Microsoft published a PowerShell script (Make2023BootableMedia.ps1) to retrofit existing ISOs, but that process is manual and error-prone. Rufus 4.10 beta automates the necessary modifications, allowing admins to generate CA2023-compatible media directly from a 25H2 ISO with a single click—provided the ISO is from an official source and the correct build.

For those managing fleets with diverse UEFI firmware and varying revocation list states, this feature eliminates a common headache: boot failures on secure systems that reject older signing certificates. It also means that technicians can prepare a single USB drive capable of installing Windows 11 on both legacy and up-to-date hardware without chasing down separate scripts. However, note that this media creation is explicitly tied to 25H2 ISOs, which are only just becoming available; earlier Windows 11 or Windows 10 ISOs cannot be retrofitted through this mechanism.

Critical Bug Fixes: Long-Path Crashes and Diagnostic Corrections

Beneath the headline features, the 4.10 beta packs several stability improvements that address real-world frustrations. A crash caused by loading Windows ISOs stored in file paths longer than 256 characters has been fixed (GitHub issues #2777, #2787, #2793). This bug bit technicians who stash ISOs in deeply nested archive folders or synchronization directories, and the fix will save wasted minutes diagnosing inexplicable failures. Additionally, the tool now properly handles UEFI DBX (revocation database) update reporting across timezones, correcting a false-positive log entry that could mislead users into believing their system’s Secure Boot state had changed.

VHD and VHDX save operations have better error reporting, and the new ability to save an existing drive back to an ISO (UDF format only) opens up archival workflows for customized installation sticks. These under-the-hood fixes solidify Rufus’s reputation as a reliable utility for repeatable imaging tasks. When creating dozens of bootable USBs, even a few unexplained crashes can derail a deployment schedule; addressing edge cases like long paths and timezone-specific bugs makes the tool more predictable in diverse IT environments.

While the beta is functional and eagerly tested by the community, it is pre-release software. The canonical GitHub release page did not yet have a final 4.10 tag at the time of reporting—the build circulated as a beta artifact. Users should validate the binary’s authenticity by downloading directly from the official project site (rufus.ie) or the GitHub CI pipeline, verifying checksums where available. Production deployments should wait for a signed stable release or undergo rigorous internal testing.

Another critical point: many administrators employ Rufus not only for clean installs but also to bypass Windows 11 hardware requirements (TPM 2.0, Secure Boot) when creating “compatibility” media. While the beta’s CA2023 support is about aligning with Microsoft’s signing model—not about removing those checks—the two functions coexist in the ecosystem and can be confused. Intentionally bypassing hardware requirements permanently reduces system security and may render the installation unsupported by Microsoft. Organizations should document any bypass configurations as exceptions and ensure they are paired with compensating controls. The beta’s own feature set does not encourage such bypasses, but its very capability to craft altered media means users must be clear-eyed about the security implications.

A Practical Workflow for Windows 10 to 11 Upgrades

With the end of Windows 10 support looming, here is a tested approach for IT pros wanting to evaluate the beta:

  • Obtain a legitimate Windows 11 25H2 ISO from Microsoft’s Volume Licensing Service Center, Visual Studio Subscriptions, or the Windows Insider Preview downloads. Verify the SHA256 hash against published values.
  • Download Rufus 4.10 beta from the official GitHub releases page or rufus.ie. Keep a known-good copy of the latest stable release as a fallback.
  • Prepare a USB drive (at least 8GB, faster drives preferred) and back up any data.
  • Launch Rufus, select the USB device, and point to the 25H2 ISO. Choose GPT partition scheme and UEFI target for modern hardware. For CA2023-compatible media, toggle the relevant option in the interface—this is enabled by default when a 25H2 ISO is detected.
  • Create the media, then test-boot from it on a representative non-production machine to confirm Secure Boot compatibility.
  • For in-place upgrades from Windows 10, simply run Setup.exe from the USB while Windows 10 is running; this preserves applications and files. For clean installs, boot from the USB and proceed.

Keep a recovery strategy: a current system image or WinRE environment, plus the ability to roll back BIOS/UEFI settings if needed. If you encounter Secure Boot errors with older ISOs, it may indicate that your firmware has applied the latest revocations; using the newly created CA2023 media is the correct solution.

Alternatives and Complementary Tools

Rufus isn’t the only tool in this space. For quick, single-PC upgrades, the Flyoobe/Flyby11 family can apply bypass patches on the fly for in-place upgrades—convenient but requiring its own risk assessment. Ventoy offers a multi-ISO USB platform that lets you drop multiple ISOs onto a single drive without reformatting, ideal for carrying a library of installation sources. And for organizations that require a fully vendor-supported path, Microsoft’s Make2023BootableMedia.ps1 script remains the official method for updating existing media to the CA2023 signing scheme. Rufus sits in a sweet spot: it combines flexibility, speed, and now CA2023 awareness, without the need for scripting.

The Bottom Line

Rufus 4.10 beta is a focused, incremental release that respects the daily realities of Windows deployment. The dark mode eases visual strain; the long-path fix eliminates a crashing bug; and the Windows CA 2023 support solves a forward-looking compatibility challenge that will only grow more pressing as Windows 11 25H2 reaches broad availability. For technicians orchestrating large-scale migrations away from Windows 10, the beta is a practical addition to the toolset—but it remains pre-production software. Validate it in your lab, verify your ISOs, and hold off on rolling it out to production until the final, signed release appears on the official GitHub releases page.

Until then, Rufus continues to be an essential, free, and community-driven utility that proves small, well-targeted updates can significantly smooth Windows transitions.