A recent Windows update that fixes a two-year-old vulnerability appears to be causing problems for dual-boot devices that can run both Windows and Linux. Users who try to boot Linux get a message with the ominous text ‘Something has gone seriously wrong’.
Users of a wide variety of Linux distributions are reporting the error. It seems to occur with the distros Debian, Ubuntu, Linux Mint, Zorin OS and Puppy Linux, reports Ars Technica.
The patch Microsoft put out during the latest Patch Tuesday fixes a vulnerability in bootloader GRUB that allowed malicious actors to bypass Secure Boot. The vulnerability in question was CVE-2022-260, which dates back to 2022 but has only now been fixed.
However, an unintended side effect of the patch seems to be that users of dual-boot systems can no longer boot Linux. The full error message that appears on the screen reads “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation”. After that, the device shuts itself down.
Conflicting message
Microsoft has not responded to the error. The company’s own documentation on the patched vulnerability (which was originally at issue, after all) states that it updates Secure Boot Advanced Targeting (SBAT), which blocks vulnerable Linux bootloaders. That documentation states the update does not apply to dual-boot systems but that old Linux distros may no longer boot. When that happens unexpectedly, Microsoft simply recommends updating the outdated distro.
In practice, the problem seems to be quite a bit more persistent than Microsoft makes it seem. It cannot be fixed by removing the SBAT policy, wiping Windows, or resetting Secure Boot to its factory settings. The only solution so far is to turn off Secure Boot, install the latest version of the Linux distro in use, and then turn Secure Boot back on.
Also read: Patch Tuesday fixes 6 actively exploited vulnerabilities