

9 Months Later, Microsoft Finally Fixes Linux Dual-Booting Bug (itsfoss.com)
Last August a Microsoft security update broke dual-booting Windows 11 and Linux systems, remembers the blog Neowin. Distros like Debian, Ubuntu, Linux Mint, Zorin OS, and Puppy Linux were all affected, and "a couple of days later, Microsoft provided a slightly lengthy workaround that involved tweaking around with policies and the Registry in order to fix the problem."
The update "was meant to address a GRUB bootloader vulnerability that allowed malicious actors to bypass Secure Boot's safety mechanisms," notes the It's FOSS blog. "Luckily, there's now a proper fix for this, as Microsoft has quietly released a new patch on May 13, 2025, addressing the issue nine months after it was first reported... Meanwhile, many dual-boot users were left with borked setups, having to use workarounds or disable Secure Boot altogether."
So wait... (Score:3)
The text makes it seem like Microsoft twiddled their thumbs over this patch but if GRUB had an actual vulnerability in the SecureBoot process that needed patching...
When exactly was that patch released? Was it right after the vulnerability was found or shortly before Microsoft released their Win11 patch?
Re: (Score:2)
The text makes it seem like Microsoft twiddled their thumbs over this patch but if GRUB had an actual vulnerability in the SecureBoot process that needed patching...
When exactly was that patch released? Was it right after the vulnerability was found or shortly before Microsoft released their Win11 patch?
Reading through the details only proved why finger pointing is now a valid legal defense.
To address this security issue, Windows will apply a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders that could have an impact on Windows security.
Between the makers of Linux, Windows, Secure Boot, and GRUB is the responsible party. Good luck.
Re: (Score:3)
At this time, the only option if you need reliable performance is to disable "secure" boot. If you are concerned about an Evil Maid type of attack (I am not), set a BIOS boot password and make sure not to leave your PC unsupervised.
Re: (Score:2)
If you are concerned about an Evil Maid type of attack (I am not), set a BIOS boot password [...]
This will not mitigate against an Evil Maid. A UEFI/BIOS boot password will not protect your system against a compromised boot sequence.
Re: (Score:2)
If you are concerned about an Evil Maid type of attack (I am not)
Ignorant as usual. Secure Boot is not to combat the Evil Maid attack. It's to combat malware persistence of literally any malware that is able to gain elevated privileges.
Re: (Score:2)
The text makes it seem like Microsoft twiddled their thumbs over this patch but if GRUB had an actual vulnerability in the SecureBoot process that needed patching...
When exactly was that patch released? Was it right after the vulnerability was found or shortly before Microsoft released their Win11 patch?
My recollection was that the GRUB vulnerability was detected (and a fix made available) back in the 2022 time frame. Because of the expected impact, the update to revoke the vulnerable GRUB loader was deferred until mid-2024 (allowing Linux vendors time to update and resign and ship updated GRUBs). It turned out that it took a bit longer than might otherwise be expected because between the last GRUB version release and this new fix other requirements for signed boot loaders had been put in place, and bet
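Both the Microsoft statement quoted above ("Windows will apply a Secure Boot Advanced Targeting (SBAT) update to block vulnerable Linux boot loaders") and the comment just above about revoking the vulnerable GRUB loader rest on the same mechanism: an SBAT update raises the minimum allowed "generation" of a boot component, and shim refuses to chain-load any signed binary whose own .sbat section declares an older generation. The following is an added, simplified model of that decision, written for this thread and not taken from shim, GRUB or Microsoft. It assumes the SbatLevel policy is CSV with one `component,generation` line per entry (the first line being the `sbat` header), that a binary's .sbat section is CSV whose first two fields are `component,generation`, and all policy and binary samples below are constructed for illustration; the efivars path used by the optional live reader is the shim SHIM_LOCK GUID and reading it is best-effort.

```python
"""Toy model of an SBAT (Secure Boot Advanced Targeting) revocation check.

Added example for this thread, not code from shim, GRUB or Microsoft.
Assumptions: the policy looks like the CSV written to the SbatLevel EFI
variable (one 'component,generation' per line, 'sbat' header first); a
binary's .sbat section is CSV whose first two fields are
'component,generation'. All sample data below is constructed.
"""
import os
from typing import Dict, Optional, Tuple

# Location of shim's SbatLevel variable on a Linux system (SHIM_LOCK GUID).
# Reading it is best-effort: it is absent when not booted via shim/UEFI.
SBATLEVEL_EFIVAR = "/sys/firmware/efi/efivars/SbatLevel-605dab50-e046-4300-abb6-3dd810dd8b23"


def parse_sbat_csv(text: str) -> Dict[str, int]:
    """Parse 'component,generation[,vendor,...]' lines into {component: generation}.

    Blank lines are skipped; trailing fields (vendor, version, URL) are
    ignored, which fits both the policy and a binary's .sbat section.
    """
    entries: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(",")
        if len(fields) < 2:
            raise ValueError("malformed SBAT line: %r" % line)
        entries[fields[0]] = int(fields[1])
    return entries


def sbat_allows(policy_csv: str, binary_sbat_csv: Optional[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for a binary under an SBAT revocation policy.

    Rules modelled here (a simplification of shim's behaviour, assumed):
      * a binary with no .sbat section is rejected once SBAT is enforced;
      * for every component the policy lists that the binary also carries,
        the binary's generation must be >= the policy's generation;
      * components the policy does not mention are not checked.
    The 'sbat' header line is compared like any other component.
    """
    if binary_sbat_csv is None:
        return False, "binary carries no .sbat section"
    policy = parse_sbat_csv(policy_csv)
    binary = parse_sbat_csv(binary_sbat_csv)
    for component, required in policy.items():
        have = binary.get(component)
        if have is not None and have < required:
            return False, "%s generation %d < required %d" % (component, have, required)
    return True, "no revoked component generations"


def read_live_sbatlevel(path: str = SBATLEVEL_EFIVAR) -> Optional[str]:
    """Return the current SbatLevel policy text, or None if unavailable.

    efivarfs prefixes variable data with a 4-byte attribute word, which is
    stripped here before decoding.
    """
    if not os.path.exists(path):
        return None
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw[4:].decode("ascii", errors="replace")


# Constructed sample policy of the kind an SBAT update pushes: GRUB builds
# declaring generation 3 or lower are to be blocked.
SAMPLE_POLICY = "sbat,1,2024010900\nshim,4\ngrub,4\n"

# Constructed sample .sbat sections: one from an old GRUB, one rebuilt and
# re-signed by the distribution with a newer generation.
OLD_GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,3,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
)
NEW_GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,4,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/\n"
)


if __name__ == "__main__":
    for name, section in (("old grub", OLD_GRUB_SBAT), ("new grub", NEW_GRUB_SBAT)):
        print(name, sbat_allows(SAMPLE_POLICY, section))
    live = read_live_sbatlevel()
    print("live SbatLevel:", live.strip() if live else "not available on this system")
```

Run on the constructed samples, the old GRUB is rejected with "grub generation 3 < required 4" while the rebuilt one passes, which is exactly why the revocation had to wait for distributions to ship re-signed GRUBs; the live reader lets a dual-boot user see which generations their firmware currently enforces before applying an update.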
Re: (Score:2)
Yes, pretty clearly.
Re: (Score:2)
Re: (Score:2)
If you want your computer to "just work" - especially securely - why would you even run Windows?
LOL you misspelled Linux. 99.9% of Windows installs "just work", compared to Linux where you need to fuck around a bit to get your hardware going. Look I love Linux, running it as my daily driver on my home PC, but pretending that it "just works" is just lunacy. If everything 100% worked for you first go, great, more power to you. The reality is it needs more out of the box tinkering than any other OS, and lying to yourself and others is not doing it any favours.
Re: (Score:2)
If you're not in the unlikely situation that your hardware doesn't support virtualization, why would you run a dual boot at all?
Perhaps it’s the virtualization itself that is to blame, since most everyone running around with decades of VMWare experience is scrambling to learn and move systems onto anything other than that overpriced shit.
Re: (Score:2)
If you're not in the unlikely situation that your hardware doesn't support virtualization, why would you run a dual boot at all?
If all you want is basic functionality, virtualization works OK (I have run Windows in a VM on Linux for occasional use of programs that only have a Windows app). But if you need native access to certain hardware (especially the GPU) in a performant mode, things get more complex (including, in some cases, the need for enterprise targeted (and priced) GPUs that have SR-IOV (or equivalent)).
For some use cases, WSL (Windows Subsystem for Linux) may be a better solution rather than a full Linux VM running un
Probably intentional sabotage (Score:2)
And they are just testing how long the EU takes to do something. Microsoft is scum.
One thing is sure, I will not be activating "secure" boot. It does nothing for _my_ security anyways and it gives the MS assholes power they should not have.
Oh, and to all the people that ask "why dual-boot", here is a scenario: I stream and record lectures via Teams. That means when Browser-based Teams on Linux or Win11 VM under Linux stops working or works badly (and MS has made it clear that they will test out more stabota
Re: (Score:2)
Why would the EU do something? Microsoft revoked an insecure key for a known insecure version of grub, communicated the issue at the time to the grub team, and provided a workaround for people while the issue that involves multiple parties doing multiple things got resolved.
One thing is sure, I will not be activating "secure" boot.
No one cares about your shithouse security practices.
Bad writeup. Here's what happened. (Score:2)
Having read the links in the writeup, it seems to be a pretty bad description of how things developed. The short of it, as I understand it, is:
- On the 13th of August 2024 Microsoft published an automatic update which applied a security fix to GRUB2 which was meant not to be applied to dual-boot systems.
- Due to a bug, some forms of dual-boot weren't detected, causing the patch to be applied and dual-boot to break.
- On the 23rd of August Neowin published a somewhat lengthy workaround for fixing dual-boot syste