Microsoft Update Causes Boot Failures in Linux Dual-Boot Systems

Apps & Games / Microsoft Teams / News Microsoft Teams for all platforms / Microsoft Update Causes Boot Failures in Linux Dual-Boot Systems
21 Aug 2024

Last Tuesday, a wave of discontent swept through the Linux community as users reported their devices failing to boot, encountering a perplexing error message that ominously stated, “Something has gone seriously wrong.” This disruption stemmed from a Microsoft update released as part of its monthly patch cycle, aimed at addressing a significant two-year-old vulnerability in GRUB, the open-source boot loader that powers many Linux systems. The vulnerability, designated CVE-2022-2601, had a severity rating of 8.6 out of 10, allowing potential attackers to bypass Secure Boot—a critical safeguard designed to prevent the loading of malicious firmware or software during the boot process. Although the flaw was identified in 2022, Microsoft only issued a patch last Tuesday, leaving many users in a lurch.

Multiple distros, both new and old, affected

The ramifications of this update were particularly pronounced for dual-boot systems, which are configured to run both Windows and Linux. Users attempting to boot into Linux found themselves confronted with a message indicating a “Security Policy Violation.” Almost immediately, support forums became inundated with reports of the issue. One frustrated user noted, “Windows says this update won’t apply to systems that dual-boot Windows and Linux. This obviously isn’t true.” The confusion seemed to stem from variations in system configurations and the specific Linux distributions in use. Reports indicated that several popular distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux, were all impacted.

Despite the growing outcry, Microsoft has yet to publicly acknowledge the error or provide clarity on how it slipped through testing. Their bulletin regarding CVE-2022-2601 stated that the update would install a Secure Boot Attestation Token (SBAT) only on devices running Windows exclusively, assuring users that dual-boot systems would remain unaffected. However, the reality proved otherwise, as many systems running recently released Linux versions, such as Ubuntu 24.04 and Debian 12.6.0, found themselves ensnared in this predicament.

What now?

With Microsoft maintaining a conspicuous silence, affected users have had to seek their own solutions. One immediate remedy involves accessing the EFI panel to disable Secure Boot, although this may not be a viable option for everyone due to varying security requirements. A more favorable short-term solution is to delete the SBAT policy that was introduced in the recent update. This approach allows users to retain some benefits of Secure Boot while still being vulnerable to attacks exploiting CVE-2022-2601. The steps to implement this remedy are as follows:

  1. Disable Secure Boot.
  2. Log into your Ubuntu user account and open a terminal.
  3. Execute the following command to delete the SBAT policy: sudo mokutil –set-sbat-policy delete.
  4. Reboot your PC and log back into Ubuntu to update the SBAT policy.
  5. Reboot again and re-enable Secure Boot in your BIOS.

This incident highlights the ongoing complications surrounding Secure Boot, a mechanism that has faced scrutiny over the past 18 months due to multiple vulnerabilities that can undermine its effectiveness. A particularly notable instance involved test keys used for authentication, which were conspicuously labeled “DO NOT TRUST.”

As Will Dormann, a senior vulnerability analyst at security firm Analygence, aptly noted, “While Secure Boot does enhance the security of Windows boot processes, it is increasingly marred by flaws that compromise its intended purpose.” The complexities of Secure Boot extend beyond Microsoft, as vulnerabilities in any component can potentially impact Windows systems that rely on this security feature. Consequently, Microsoft bears the responsibility of addressing and mitigating these vulnerabilities to ensure a more secure computing environment for all users.

Why is my Microsoft Store not updating on Xbox?

There could be several reasons why your Microsoft Store is not updating on Xbox. Common issues include problems with your internet connection, outdated system software, or a temporary server issue on Microsoft's end. Ensure your Xbox is connected to the internet, restart your console, and try again. Also, check for system updates in the Settings menu. If the problem persists, you may need to reset the Microsoft Store cache or contact Xbox Support.

How to update Roblox in Microsoft Store?

To update Roblox in the Microsoft Store, follow these steps: 1. Open the Microsoft Store app on your PC. 2. Click on the three-dot menu at the top right corner and select 'Downloads and updates'. 3. Click on 'Get updates' to refresh the list of available updates. 4. If an update for Roblox is available, it should appear here and start downloading automatically. Ensure your PC is connected to the internet. If the update does not appear, try restarting the Microsoft Store app or your PC.
Update: 21 Aug 2024
Microsoft Teams

Microsoft Teams download for free to PC or mobile

4
987 reviews
2796 downloads

News and reviews about Microsoft Teams

Loading...