Microsoft’s latest monthly security update is wreaking havoc on dual-boot Windows and Linux systems. The software giant issued a security patch last week to fix a two-year-old vulnerability in the GRUB open-source boot loader used by lots of Linux devices. Microsoft’s patch wasn’t supposed to hit dual-boot devices, but many have found it has and it’s now stopping their Linux installs from booting properly.
Ars Technica reports that multiple Linux dual-boot users are seeing “security policy violation” messages, along with “something has gone seriously wrong” errors. There are reports of issues across Reddit, Ubuntu forums, and elsewhere. Distributions including Ubuntu, Debian, Linux Mint, Zorin OS, and Puppy Linux have all been affected by Microsoft’s patch.
The update was supposed to fix a vulnerability that allowed hackers to bypass Secure Boot, a technology that’s widely used by Windows and Linux distributions to ensure malicious firmware isn’t loaded onto devices during boot. Microsoft said earlier this month it would apply “a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security,” but that the update would not be applied to dual-boot systems with both Windows and Linux so it “should not affect these systems.”
Microsoft hasn’t commented on the issues its update has caused, but there is a workaround for Ubuntu users that involves disabling Secure Boot at the BIOS level and then logging into a Ubuntu user account and opening a terminal to delete Microsoft’s SBAT policy.
Microsoft has been using Secure Boot in Windows for years, and made it a key requirement for Windows 11 to use the technology to secure against BIOS rootkits. Researchers have found plenty of vulnerabilities in Secure Boot over the years, and recently it was discovered that Secure Boot is completely broken on many PCs.