news

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

An update from Microsoft has made Linux an unforeseen target.

A large number of Linux users said that after installing Microsoft's update, their Linux systems could not start.

The Linux users affected by Microsoft's update all have Windows+Linux dual systems installed.

The sudden inability to start the computer made many users extremely anxious, and they quickly posted messages looking for solutions.

As a result, similar feedback flooded Reddit and multiple Linux communities.

After this incident, some netizens lamented that it was impossible for Microsoft to conduct detailed testing on Linux, and it would be safer to implement dual systems through virtual machines.

Some netizens also believe that this is not an accident.

After all, Microsoft has previously tried to prevent Windows 10 users from starting other operating systems through secure boot.

As an alternative, Microsoft also launched WLS, which makes it possible to run the Linux subsystem in Windows to meet users' dual-system needs.

Microsoft fixes vulnerability, Linux gets caught in the crossfire

Those affected by this incident are users of dual systems of Windows+Linux.

After installing the update, these users will receive an error message when booting Linux, saying "A serious error has occurred."

Verifying shim SBAT data failed: Security Policy Violation.

shim SBAT data verification failed: security policy violation

Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.

A serious error occurred: SBAT self-test failed: Security policy violation

△

Image source: Reddit/paku1234

Multiple distributions, including Debian and Ubuntu, both new and old, were affected, and even USB flash drives and CD-ROM boots had similar problems.

The direct reason behind this is a new patch released by Microsoft.

The patch fixes a vulnerability exposed two years ago, code-named CVE-2022-2601, with a CVSS severity score of 8.6 (maximum 10).

The vulnerability is related to GRUB, an open source boot loader used to start many Linux devices.

The vulnerability allows hackers to bypass secure boot, an industry standard that ensures that malicious firmware or software is not loaded during the operating system startup process.

Microsoft explained in its advisory about CVE-20220-2601 that the update for the vulnerability will install SBAT, a Linux mechanism for masking various components in the boot path.

This will reduce the chances of Secure Boot on Windows devices being attacked by GRUB packages that exploit this vulnerability.

At the same time, Microsoft also vowed that devices equipped with Linux will not be affected by this update.

△

Early GRUB interface

But the opposite happened.Not only did Linux malfunction, but other programs were also harmed by SBAT.

Some netizens said that their software has network boot function, and because it also uses GRUB, it will not run after the update.

To solve this problem, you need to disable secure boot for all devices in the system or delete the SBAT file.

Some users were puzzled by Microsoft's actions and questioned why Microsoft would repair a module that did not belong to Windows and that Microsoft knew "nothing" about.

Microsoft's response was "slapped in the face" by reality

Microsoft responded to this wave of failures as follows:

This update will not be applied when a Linux boot option is detected.

We are aware that certain assisted boot scenarios can cause issues for some customers, including using an "outdated" Linux loader.

We are working with our Linux partners to investigate the cause and solution.

In fact, it is basically the same as the announcement when CVE-20220-2601 was released:

SBAT values ​​do not apply to dual-boot systems with Windows and Linux installed at the same time, and in theory should not affect these systems.

Older Linux distributions may not boot, if this happens work with your Linux vendor to get an update.

But Microsoft's statement is somewhat self-contradictory - if it is not a dual system, this kind of failure will naturally not occur if Linux is used alone.

Some people even asked a soul-searching question: If you only use Windows, who would install GRUB?

Regarding the issue of the virus, the actual situation is not that only old versions of Linux are affected as Microsoft said. Some of the systems that have problems are newer versions (such as Ubuntu 24.04 and Debian 12.6.0).

However, some netizens commented that Microsoft was not lying, because Linux could not be started after installing the patch, so it was not considered a dual system.

。

In addition, some enthusiastic netizens proposed emergency remedial measures:

First enter BIOS and turn off secure boot, the purpose is to enter the Linux system first.

Then use the command line to delete the SBAT policy that caused the failure, and then restart to make the settings take effect.

Finally, enter BIOS again and turn on secure boot again, and the problem will be temporarily solved.