Microsoft's latest security update has wreaked havoc on dual-boot Windows and Linux PCs
Microsoft's latest security update has wreaked havoc on dual-boot Windows and Linux PCs
Microsoft's latest monthly security update is wreaking havoc on dual-boot Windows and Linux systems. The software giant released a security patch last week that fixed a two-year-old vulnerability in the GRUB open-source boot loader used by many Linux devices. Microsoft's patch wasn't supposed to arrive on dual-boot devices, but many people have found that it did and is now preventing their Linux installs from booting properly.
Ars Technica reports that many Linux dual-boot users are seeing "security policy violation" messages, as well as "something has gone seriously wrong" errors. There are reports of problems on Reddit, Ubuntu forums and elsewhere. All distributions including Ubuntu, Debian, Linux Mint, Zorin OS and Puppy Linux have been affected by Microsoft's patch.
The update is said to fix a vulnerability that allows hackers to bypass Secure Boot, a technique widely used by Windows and Linux distributions to ensure that malicious firmware is not loaded onto a device during boot. Microsoft said earlier this month that it would apply a Secure Boot Advanced Targeting (SBAT) update to block "vulnerable Linux boot loaders that may impact Windows security," but the update will not apply to dual-boot systems with both Windows and Linux, so it "will not impact these systems." Microsoft has not commented on the problems caused by its update, but there is a workaround for Ubuntu users that involves disabling Secure Boot at the BIOS level and then logging into the Ubuntu user account and opening a terminal to remove Microsoft's SBAT policy. Microsoft has been using Secure Boot in Windows for years, and has made using the technique a major requirement for Windows 11 to protect against BIOS rootkits. Researchers have found numerous vulnerabilities in Secure Boot over the past few years, and recently it was discovered that Secure Boot is completely broken on many PCs.
No comments