Ventoy 1.1.15 landed on June 25, 2026, delivering a critical patch for Windows users who rely on the tool for bootable USB drives. The update comes just days after two rapid-fire predecessor releases and addresses a boot failure that could affect systems with Secure Boot enabled. More importantly, it adds support for Microsoft’s 2023 Secure Boot certificate transition, a shift that has been causing headaches for anyone using custom boot media on modern hardware.

For the uninitiated, Ventoy is a free, open-source tool that turns a single USB drive into a multiboot Swiss Army knife. Instead of reimaging the drive for each OS, you just drop ISO, WIM, IMG, VHD(x), or EFI files onto it and Ventoy presents a boot menu to choose from. It has become the go-to solution for IT professionals, system admins, and enthusiasts who need to carry multiple operating systems or rescue environments in their pocket. But as Secure Boot requirements tighten on Windows 11 and beyond, keeping Ventoy compatible with the latest firmware demands constant vigilance.

The Secure Boot Certificate Shift

Microsoft’s 2023 Secure Boot certificate transition was designed to phase out older Certificate Authorities (CAs) and replace them with newer, more secure ones. This is part of the company’s broader push to harden the pre-boot environment against bootkits and rootkits. The old certificates, known as the “Windows Production PCA 2011,” were set to be deprecated in favor of a new “Windows UEFI CA 2023.” Systems that updated their firmware or receive latest UEFI updates would no longer trust bootloaders signed with the old certificate.

This policy shift affects any tool that signs boot components with a Microsoft key. Ventoy, which uses a shim bootloader signed by Microsoft to navigate Secure Boot, needed to update its binaries to use the new 2023 certificate. Without this, users would encounter a “Secure Boot Violation” error or an outright boot failure when trying to start an OS from a Ventoy-prepared drive on hardware that has been updated to enforce the new certificate only.

The 1.1.15 release finally brings Ventoy into alignment. The developer, known by the handle longpanda, integrated the new certificate for the Ventoy EFI stub. This means that Ventoy drives will now boot cleanly on systems that have been patched to reject the 2011 certificates. The move is particularly important for Windows 11 users, as Microsoft has been aggressively pushing Secure Boot requirements since the OS launched. Even Windows 10 systems with the latest updates can be affected.

Boot Failure: What Changed and How It Manifests

The boot failure fixed in 1.1.15 was not solely about certification. Reports had surfaced that certain systems, particularly those with updated UEFI firmware from major OEMs like Dell, HP, and Lenovo, would fail to recognize the Ventoy bootloader. In some cases, the boot menu would not even appear. In others, selecting an ISO led to a black screen or an immediate reboot.

This regression appeared to stem from changes in how Ventoy handled memory mapping and the handoff from the UEFI firmware to the bootloader. The previous versions, 1.1.13 and 1.1.14, had introduced performance optimizations and support for newer file systems, but inadvertently broke compatibility on some chipsets. The 1.1.15 update specifically addresses these edge cases by reverting a memory allocation routine and refining the boot entry creation process.

Longpanda acknowledged in the release notes that the issue was elusive, manifesting only on configurations with specific AMD and Intel microarchitectures paired with certain UEFI implementations. The fix was tested across a broad range of motherboards and laptops, including popular models used in enterprise environments.

A Rapid Trilogy of Releases

The push from 1.1.13 to 1.1.15 happened within a span of just three weeks. Version 1.1.13, released on June 5, introduced initial support for the new certificate but had incomplete implementation that still left some systems unbootable. Version 1.1.14 on June 18 attempted to patch the boot failure but inadvertently broke the certificate chain validation on several platforms. These rapid iterations underscore the complexity of keeping a low-level boot tool compliant with shifting firmware landscapes.

For users who updated to 1.1.13 or 1.1.14 and experienced issues, the 1.1.15 release is a must-have. The developer advises that anyone running these intermediate versions should immediately upgrade, as the boot failure can render rescue drives useless during critical moments.

What This Means for Windows Users

Secure Boot is no longer an optional toggle for many Windows installations. Microsoft’s OEM partners ship consumer PCs with Secure Boot enabled by default, and some enterprise configurations lock down the firmware to prevent disabling it. Ventoy’s continued compatibility is therefore essential for anyone who needs a portable multiboot tool.

Without the update, a technician walking into a client site with a Ventoy USB stick might find it dead on arrival. Similarly, home users who built a Ventoy drive to test Windows Insider builds or Linux distributions would be locked out. The 2023 certificate transition has been rolling out gradually, but with the June 2026 Windows Update, Microsoft accelerated enforcement through its Secure Boot DBX (Forbidden Signatures Database) updates.

This update ensures that Ventoy remains a viable alternative to tools like Rufus, which also updated its secure boot signing chain earlier. However, Ventoy’s advantage—supporting multiple ISOs without repeated formatting—makes it particularly sensitive to bootloader integrity.

How to Update to Ventoy 1.1.15

Upgrading Ventoy is straightforward for those already using it. The tool comes in both Windows and Linux versions. On Windows, you simply run the Ventoy2Disk.exe utility and choose “Update” while your USB drive is plugged in. This preserves all the ISO files on the data partition and only replaces the core bootloader files. For newcomers, the process involves installing Ventoy to a USB, which formats the drive and creates two partitions: a small hidden partition for the bootloader and a large exFAT/NTFS partition for ISOs.

Longpanda emphasized that users should back up their USB drives before upgrading, as a power loss during the update can corrupt the partition table. The new version also fixes a rare corruption bug that occurred when installing Ventoy on certain Kingston and SanDisk USB sticks with advanced write caching.

To verify the update took effect, users can boot from the drive and check the Ventoy version displayed on the boot menu, or examine the MBR/VBR signatures. The EFI files will now be signed with the 2023 certificate, and the shim should pass Secure Boot validation on fully updated UEFI systems.

Community Impact and Feedback

Ventoy’s community of power users and IT professionals quickly adopted the new release. Though the 1.1.15 announcement did not spark massive forum discussion due to the fix’s niche nature, the earlier 1.1.14 had seen a flurry of bug reports on GitHub and Reddit. Users praised the rapid response but expressed frustration with the moving target of Secure Boot.

One recurring theme in community chatter is the balance between security and utility. The certificate transition, while necessary, has forced many open-source projects to scramble for updated signing credentials. Ventoy, being one of the most visible tools in this space, became a bellwether. The developer’s commitment to maintaining compatibility has likely saved countless hours of downtime for sysadmins.

At the same time, some advanced users have voiced concerns about the long-term viability of relying on Microsoft’s signing infrastructure. Alternatives such as disabling Secure Boot or using MOK (Machine Owner Key) enrollment are possible but less seamless. Ventoy 1.1.15’s update keeps the easiest path open.

Looking Ahead

The Secure Boot landscape will continue to evolve. Microsoft has hinted at further certificate rotation and stricter revocation list enforcement in future Windows releases. Ventoy’s architecture, which relies on a first-stage shim that chain-loads to the chosen bootloader, may need ongoing maintenance. The 1.1.15 release is a necessary step, but the pace suggests that more tweaks will come.

Longpanda has indicated that work on Ventoy 2.0, a potential rewrite with modular plugin support, is underway. That version may abstract many of these firmware-level concerns, but for now, the focus remains on stability. The rapid release of 1.1.13, 1.1.14, and 1.1.15 demonstrates the project’s agility but also the fragility of its low-level code.

For Windows enthusiasts, the takeaway is clear: keep your Ventoy installation current. Bootable USB tools are only useful when they work, and with Secure Boot enforcement growing stricter, staying on an old version is a gamble. Ventoy 1.1.15 is the version that aligns with Microsoft’s 2023 vision of a secure pre-boot environment without sacrificing the flexibility of multiboot media.