Last Tuesday, a Microsoft update aimed at patching a 2-year-old vulnerability in GRUB, a boot loader for Linux, inadvertently caused boot failures for numerous Linux users. The update, part of Microsoft’s monthly patch release, was designed to address a vulnerability (CVE-2022-2601) that allowed hackers to bypass Secure Boot, a crucial security feature. However, it resulted in devices configured to dual-boot Windows and Linux displaying error messages and failing to boot into Linux when Secure Boot was enforced.
The issue affected a wide range of Linux distributions, including recent versions like Ubuntu 24.04 and Debian 12.6.0, contradicting Microsoft’s assurance that dual-boot systems would not be impacted. The problem sparked widespread reports and discussions among the Linux community, with users seeking workarounds to regain access to their systems.
Microsoft has not yet publicly acknowledged the issue or provided guidance, leaving users to find their own solutions. One temporary fix involves disabling Secure Boot or deleting the SBAT policy Microsoft introduced with the update. This incident highlights ongoing challenges with Secure Boot’s security and its implementation, underscoring the need for better testing and communication from Microsoft to avoid impacting the broader user base.
Read more at Ars Technica…