Microsoft’s Latest Security Update Ruined Dual-Boot Windows and Linux PCs

Microsoft’s latest monthly security update is wreaking havoc on dual-boot Windows and Linux systems. The software giant released a security patch last week to address a two-year-old vulnerability in the open-source GRUB bootloader used by many Linux devices. Microsoft’s patch wasn’t meant to affect dual-boot devices, but many users have discovered that it does and is now preventing their Linux installations from booting properly.

Ars Technica Reports indicate that several dual-boot Linux users are seeing “security policy violation” messages, as well as “something went seriously wrong” errors. Issues have been reported on Reddit, Ubuntu forums, and elsewhere. Distributions including Ubuntu, Debian, Linux Mint, Zorin OS, and Puppy Linux have all been affected by Microsoft’s patch.

The update was supposed to fix a vulnerability that allowed hackers to bypass Secure Boot, a technology widely used by Windows and Linux distributions to ensure that no malicious firmware is loaded onto devices at startup. Microsoft said earlier this month that it would apply “a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could impact the security of Windows,” but that the update would not be applied to systems that dual-boot with Windows and Linux, so it “is not expected to affect those systems.”

Microsoft has not commented on the issues caused by its update, but there is a workaround for Ubuntu users that involves disabling Secure Boot at the BIOS level, then logging into an Ubuntu user account and opening a terminal to remove Microsoft’s SBAT policy.

Microsoft has been using Secure Boot in Windows for years and made the technology a key requirement for Windows 11 to protect against BIOS rootkits. Researchers have discovered many vulnerabilities in Secure Boot over the years and it was recently discovered that Secure Boot is completely broken on many PCs.