“Something Seriously Went Wrong” — Dual-boot Windows and Linux systems get worrying warning after Microsoft update
Linux users who dual-boot systems with Windows have reported that their devices suddenly stopped booting and displayed an alarming message that reads, “Something seriously went wrong.”
It has now been confirmed that a dodgy security update from Microsoft was the cause of the problem. The update was intended to address CVE-2022-2601 as part of the company’s monthly patch release.
As a result, people with dual-boot systems (machines configured to run both Windows and Linux) were unable to boot into Linux.
Microsoft update disrupts dual-boot systems
The update was rolled out to fix CVE-2022-2601, a critical vulnerability in the GRUB bootloader used by many Linux distributions. It was identified two years ago and could allow hackers to bypass Secure Boot, a security feature designed to prevent malware from loading during the boot process.
Despite the high rating of 8.6 out of 10, the vulnerability was not closed until August 13, 2024.
Users affected by the unintended issue in the update saw a message that read: “Failed to verify shim SBAT data: Security policy violation. Something went seriously wrong: SBAT self-check failed: Security policy violation.”
The issue affects several popular Linux distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux.
In the hours and days following the bogus update, online forums filled with complaints and frustrated users sharing their workarounds, such as disabling Secure Boot or removing the problematic SBAT policy. Despite the widespread problems, Microsoft has yet to provide a fix.
Microsoft said (via Ars Technique): “We are aware that some secondary boot scenarios are causing issues for some customers, including when using outdated Linux loaders with vulnerable code. We are working with our Linux partners to investigate and address this.”
For now, dual-boot users will have to make do with a temporary workaround until Microsoft rolls out an update for the two-year-in-the-making security patch.