Linux users running dual-boot systems with Windows reported that their devices suddenly failed to boot and displayed a worrying message saying “Something went seriously wrong.”
It has since been confirmed that a dubious Microsoft security update was to blame for the issue, which was designed to address CVE-2022-2601 as part of the company's monthly patch release.
As a result, those with dual-boot systems (machines configured to run both Windows and Linux) found themselves unable to boot into Linux.
Microsoft update breaks dual-boot systems
The update was rolled out to fix CVE-2022-2601, a critical vulnerability in the GRUB bootloader used by many Linux distributions. It was identified two years ago and could allow hackers to bypass Secure Boot, a security feature designed to prevent malware from loading during the boot process.
Despite the high rating of 8.6 out of 10, the vulnerability was not fixed until August 13, 2024.
Users affected by the unwanted update issue saw a message that read: “Failed to verify SBAT data from shim: Security policy violation. Something went seriously wrong: SBAT self-check failed: Security policy violation.”
The issue has affected several popular Linux distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux.
In the hours and days following the flawed update, online forums were filled with complaints and frustrated users sharing their workarounds, such as disabling Secure Boot or removing the problematic SBAT policy. However, despite the widespread issues, Microsoft has yet to provide a fix.
Microsoft said (via Art-Technica): “We are aware that some secondary boot scenarios are causing issues for some customers, including when using outdated Linux loaders with vulnerable code. We are working with our Linux partners to investigate and address the issue.”
For now, dual-boot users will have to make peace with a temporary workaround until Microsoft releases an update to the security patch that was two years in the making.
