Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs

Cath Virginia / The Verge | Photo: Getty Images Microsoft’s latest monthly security update is wreaking havoc on dual-boot Windows and Linux systems. The software giant issued a security patch last week to fix a two-year-old vulnerability in the GRUB open-source boot loader used by lots of Linux devices. Microsoft’s patch wasn’t supposed to hit dual-boot devices, but many have found it has and it’s now stopping their Linux installs from booting properly. Ars Technica reports that multiple Linux dual-boot users are seeing “security policy violation” messages, along with “something has gone seriously wrong” errors. There are reports of issues across Reddit, Ubuntu forums, and elsewhere. Distributions including Ubuntu, Debian, Linux Mint, Zorin OS, and Puppy Linux have all been affected by Microsoft’s patch. The update was supposed to fix a vulnerability that allowed hackers to bypass Secure Boot, a technology that’s widely used by Windows and Linux distributions to ensure malicious firmware isn’t loaded onto devices during boot. Microsoft said earlier this month it would apply “a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security,” but that the update would not be applied to dual-boot systems with both Windows and Linux so it “should not affect these systems.” Microsoft hasn’t commented on the issues its update has caused, but there is a workaround for Ubuntu users that involves disabling Secure Boot at the BIOS level and then logging into a Ubuntu user account and opening a terminal to delete Microsoft’s SBAT policy. Microsoft has been using Secure Boot in Windows for years, and made it a key requirement for Windows 11 to use the technology to secure against BIOS rootkits. Researchers have found plenty of vulnerabilities in Secure Boot over the years, and recently it was discovered that Secure Boot is completely broken on many PCs. Sign up for Notepad by Tom Warren, a weekly newsletter uncovering the secrets and strategy behind Microsoft’s era-defining bets on AI, gaming, and computing. Subscribe to get the latest straight to your inbox. Monthly $7/month Get every issue of Notepad straight to your inbox. The first month is free. START YOUR TRIAL Annual $70/year Get a year of Notepad at a discounted rate. The first month is free. START YOUR TRIAL Bundle $100/person/year Get one year of both Notepad and Command Line. The first month is free. SUBSCRIBE TO BOTH We accept credit card, Apple Pay and Google Pay.

Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs
Illustration of a pixelated key next to a padlock and chain, implying online data security.
Cath Virginia / The Verge | Photo: Getty Images

Microsoft’s latest monthly security update is wreaking havoc on dual-boot Windows and Linux systems. The software giant issued a security patch last week to fix a two-year-old vulnerability in the GRUB open-source boot loader used by lots of Linux devices. Microsoft’s patch wasn’t supposed to hit dual-boot devices, but many have found it has and it’s now stopping their Linux installs from booting properly.

Ars Technica reports that multiple Linux dual-boot users are seeing “security policy violation” messages, along with “something has gone seriously wrong” errors. There are reports of issues across Reddit, Ubuntu forums, and elsewhere. Distributions including Ubuntu, Debian, Linux Mint, Zorin OS, and Puppy Linux have all been affected by Microsoft’s patch.

The update was supposed to fix a vulnerability that allowed hackers to bypass Secure Boot, a technology that’s widely used by Windows and Linux distributions to ensure malicious firmware isn’t loaded onto devices during boot. Microsoft said earlier this month it would apply “a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security,” but that the update would not be applied to dual-boot systems with both Windows and Linux so it “should not affect these systems.”

Microsoft hasn’t commented on the issues its update has caused, but there is a workaround for Ubuntu users that involves disabling Secure Boot at the BIOS level and then logging into a Ubuntu user account and opening a terminal to delete Microsoft’s SBAT policy.

Microsoft has been using Secure Boot in Windows for years, and made it a key requirement for Windows 11 to use the technology to secure against BIOS rootkits. Researchers have found plenty of vulnerabilities in Secure Boot over the years, and recently it was discovered that Secure Boot is completely broken on many PCs.