Microsoft is currently addressing complications arising from a recent security patch aimed at rectifying a two-year-old vulnerability in the GRUB open-source boot loader. The patch has caused boot failures on certain dual-boot systems that run both Windows and Linux, leaving users with the disconcerting message: “Something has gone seriously wrong.”
Patch Implementation and User Reactions
The issues surfaced following Microsoft’s release of a security update for CVE-2022-2601, which targets a buffer overflow vulnerability in GRUB 2. This boot loader is widely used across Linux distributions and is therefore also present on Windows machines set up for dual boot. The vulnerability poses a risk by potentially allowing unauthorized users or malware to bypass Secure Boot, enabling malicious code to be loaded during system startup.
According to Microsoft’s advisory dated August 13, the latest Windows builds are not themselves susceptible to this flaw in the GRUB2 boot loader. The advisory stated that the update would not be applied to dual-boot systems running both operating systems and should therefore not disrupt them. However, user experiences tell a different story.
Reports from numerous forums indicate that the patch inadvertently affected dual-boot systems, preventing Linux distributions from booting. One user recounted their experience after the update, stating:
“Today when I started the laptop I see the below message for a few seconds and then the laptop shuts down… ‘Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.’ The only way I can get the laptop up and running is to disable Secure Boot.”
In response to inquiries from The Register, a Microsoft spokesperson acknowledged the issue, stating that the company is collaborating with its Linux partners to resolve the matter. “This update is not applied when a Linux boot option is detected,” the spokesperson clarified. “We are aware that some secondary boot scenarios are causing issues for some customers, including when using outdated Linux loaders with vulnerable code. We are working with our Linux partners to investigate and address.”
In the meantime, users have begun sharing workarounds on platforms like Reddit. One suggestion from a Linux Mint forum user included the following steps:
- Disable Secure Boot.
- Log into your Ubuntu user and open a terminal.
- Delete the SBAT policy using the command: sudo mokutil --set-sbat-policy delete.
- Reboot your PC and log back into Ubuntu to update the SBAT policy.
- Reboot again and re-enable Secure Boot in your BIOS.
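To make the “SBAT self-check failed” message and the workaround above easier to reason about, here is an added illustration (not code from the article, from Microsoft, or from the shim project) of the generation check that shim performs: it compares the component generations in a boot loader’s SBAT data against the minimum generations in the stored revocation policy. All CSV values below are constructed for illustration and are not the real values shipped by any vendor.

```python
"""Model of the SBAT generation check performed at boot.

SBAT data is CSV with at least two fields per line:
    component_name,component_generation[,vendor,...]
A revocation policy (the SbatLevel UEFI variable) lists the minimum
generation accepted for each component. A loader whose component
generation is lower than the policy minimum is refused, which is what
produces "SBAT self-check failed: Security Policy Violation".
All sample values here are constructed for illustration.
"""
import csv
from io import StringIO

# Constructed SBAT section of an older GRUB image (grub generation 3).
OLD_GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
    "grub,3,Example Vendor,grub,2.06,https://example.invalid/grub\n"
)

# Constructed policies: the baseline a loader was tested against, and a
# stricter one that raises the minimum grub generation to 4.
BASELINE_POLICY = "sbat,1,2022052400\nshim,2\ngrub,2\n"
STRICTER_POLICY = "sbat,1,2024010900\nshim,2\ngrub,4\n"


def parse_sbat(text):
    """Parse SBAT CSV into {component_name: component_generation}."""
    table = {}
    for row in csv.reader(StringIO(text)):
        if len(row) < 2 or not row[0].strip():
            continue  # skip blank or malformed lines
        table[row[0].strip()] = int(row[1])
    return table


def sbat_check(loader_sbat, policy):
    """Return (component, have, need) for every component that fails.

    A component named in the policy but absent from the loader is not
    a failure; only a present component with too low a generation is.
    """
    have = parse_sbat(loader_sbat)
    need = parse_sbat(policy)
    return [(c, have[c], g) for c, g in need.items()
            if c in have and have[c] < g]


if __name__ == "__main__":
    # Same loader, two policies: passes the baseline, fails the stricter one.
    print("baseline:", sbat_check(OLD_GRUB_SBAT, BASELINE_POLICY))
    print("stricter:", sbat_check(OLD_GRUB_SBAT, STRICTER_POLICY))
```

Step 3 of the workaround (sudo mokutil --set-sbat-policy delete) asks shim to clear the stored policy on the next boot, after which it reinstates its built-in baseline; in this model that corresponds to checking against BASELINE_POLICY again, so the older loader boots until it is replaced with one whose generation meets the newer requirement.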
This workaround appears to be the most effective solution until a formal fix is released by Microsoft.
Concerns Over Microsoft Exchange Server Vulnerability
In a separate development, the US Cybersecurity and Infrastructure Security Agency (CISA) has added the ProxyLogon vulnerability, a three-year-old flaw in Microsoft Exchange Server, to its Known Exploited Vulnerabilities Catalog. This vulnerability allows for remote code execution, enabling attackers to gain complete control over affected Exchange Servers.
Tracked as CVE-2021-31196, this flaw was patched back in July 2021, prior to its exploitation in the wild. At that time, Microsoft deemed the likelihood of exploitation as “less likely.” However, the reality has proven otherwise, with multiple bypasses of the initial patch occurring since then.
Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, expressed disappointment at the ongoing exploitation of this vulnerability, stating, “It means that despite all of our warnings about leaving unpatched Exchange servers connected to the internet, it’s still occurring.”