Linux users running dual-boot systems with Windows have reported their devices suddenly failed to boot, displaying a worrying “Something went seriously wrong” message.
It has since been confirmed that a dodgy security update from Microsoft, designed to address CVE-2022-2601 as part of the company’s monthly patch release, was to blame for the problem.
Consequently, those with dual-boot systems – machines configured to run both Windows and Linux – found themselves unable to boot into Linux.
Microsoft update breaks dual-boot systems
The update had been rolled out to fix CVE-2022-2601, a critical vulnerability in the GRUB boot loader used by many Linux distros. It was identified two years ago, and could allow hackers to bypass Secure Boot, a security feature designed to prevent malware from loading during the startup process.
Despite its high severity rating of 8.6 out of 10, the vulnerability wasn’t patched until August 13, 2024.
Users affected by the update’s unintended issue saw a message reading: “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”
The issue has affected multiple popular Linux distros, including Debian, Ubuntu, Linux Mint, Zorin OS and Puppy Linux.
In the hours and days following the faulty update, online forums filled with complaints and frustrated users sharing their temporary solutions, such as disabling Secure Boot or removing the problematic SBAT policy. However, despite the widespread issues, Microsoft has yet to provide a fix.
Microsoft said (via Ars Technica): “We are aware that some secondary boot scenarios are causing issues for some customers, including when using outdated Linux loaders with vulnerable code. We are working with our Linux partners to investigate and address.”
For now, dual-boot users will have to find peace with a temporary fix until Microsoft rolls out an update to the security patch that was two years in the making.