Microsoft’s latest monthly security update has hit dual-boot Windows and Linux systems.
The software giant released a security patch last week to fix a two-year-old vulnerability in the open source GRUB bootloader used by many Linux machines.
The vulnerability, CVE-2022-2601, was discovered in 2022, though Microsoft waited two years to fix it for unclear reasons.
Microsoft’s patch wasn’t supposed to reach dual-boot devices, but it did reach a large number of them, and it prevents Linux distributions from booting properly.
A large number of dual-boot users are reportedly experiencing security policy violation messages, along with critical error messages.
There are reports of the issues on Reddit, Ubuntu forums, and elsewhere. All distributions, including Ubuntu, Debian, and Linux Mint, are affected by Microsoft’s patch.
The update was supposed to fix a vulnerability that allowed hackers to bypass Secure Boot, a technology widely used in Windows and Linux distributions to ensure that malicious firmware is not loaded on devices during boot.
Microsoft said earlier this month that it was rolling out a Secure Boot Advanced Targeting update to block vulnerable Linux boot loaders that could have a security impact on Windows. It said the update would not apply to dual-boot systems with Windows and Linux, so it should not affect those systems.
Microsoft has not commented on the issues its update has caused. There is a workaround for Ubuntu users: disable Secure Boot at the BIOS level, then log into your Ubuntu user account and open a terminal to remove Microsoft’s Secure Boot Advanced Targeting policy.
Microsoft has been using Secure Boot in Windows for years, and has made the technology a prerequisite for Windows 11 to protect it from rootkit spyware in the BIOS.
Researchers have found numerous vulnerabilities in Secure Boot over the years, and previously found that Secure Boot was completely broken across a wide range of computers.
Microsoft Makes Changes After CrowdStrike Incident
Microsoft said it is building an alternative for cybersecurity firms that now use the Windows kernel, after a flawed CrowdStrike update took down millions of Windows computers, crippling airports, banks, exchanges and businesses around the world.
The outage has sparked a debate about whether cybersecurity firms should be allowed to operate at the kernel level of Windows systems because of the risks associated with such kernel access.
Microsoft said it is designing and developing a new platform in response to what it said was customer and partner demand to enable security vendors to operate outside the kernel, the core layer of the operating system.
Such a shift would require significant retooling by Microsoft and some third-party cybersecurity firms that use kernel access to monitor potential threats. Microsoft said the goal is to boost reliability without sacrificing security.
The announcement came out of a security conference hosted by the software giant on September 10 at its Redmond, Washington, headquarters, where it discussed with cybersecurity firms the changes made to Windows in the wake of the CrowdStrike incident in July.
Microsoft said in a blog post that the latest version of Windows has introduced changes that allow cybersecurity firms to provide security capabilities outside the kernel.
Microsoft discussed the difficulties security experts face in operating outside the kernel environment, as well as the need to protect security products from tampering and meet security sensor requirements.
Following the meeting, some security firms see a need to operate at this core layer.
In a statement released by Microsoft, cybersecurity firm Eset said: “It is essential that cybersecurity products continue to have the option to access the kernel in order to continue to innovate and be able to detect and block future cyberthreats.”
“We appreciate the opportunity to join these important discussions with Microsoft and our industry peers about how best to collaborate to build a flexible and open Windows security ecosystem that enhances security for our shared customers,” said Drew Bagley, CrowdStrike vice president and privacy and internet policy counsel, in a Microsoft statement.