{"id":64692,"date":"2024-08-20T20:17:10","date_gmt":"2024-08-21T00:17:10","guid":{"rendered":"http:\/\/pappp.net\/?guid=a881f476d71ce57a41b7daf947fca20c"},"modified":"2024-08-20T20:17:10","modified_gmt":"2024-08-21T00:17:10","slug":"something-has-gone-seriously-wrong-dual-boot-systems-warn-after-microsoft-update","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=64692","title":{"rendered":"\u201cSomething has gone seriously wrong,\u201d dual-boot systems warn after Microsoft update"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=2044381\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: Just like the bad old days, Microsoft updates fucking bootloaders. \nThis seems to be largely justified on the control-granting security theater around secure boot.<\/div><div>\n<figure>\n  <img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/power-on-button-800x451.jpg\" alt=\"&ldquo;Something has gone seriously wrong,&rdquo; dual-boot systems warn after Microsoft update\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/>\n      <p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/08\/power-on-button.jpg\" rel=\"noopener noreferrer\">Enlarge<\/a> (credit: Getty Images)<\/p>  <\/figure>\n\n\n\n\n\n\n<div><a name=\"page-1\"><\/a><\/div>\n<p>Last Tuesday, loads of Linux users&mdash;many running packages released as early as this year&mdash;started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: &ldquo;Something has gone seriously wrong.&rdquo;<\/p>\n<p>The cause: an <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2022-2601\" rel=\"noopener noreferrer\">update<\/a> Microsoft issued as part of its monthly patch release. It was intended to close a <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-2601\" rel=\"noopener noreferrer\">2-year-old vulnerability<\/a> in <a href=\"https:\/\/en.wikipedia.org\/wiki\/GNU_GRUB\" rel=\"noopener noreferrer\">GRUB<\/a>, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don&rsquo;t load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.<\/p>\n<h2>Multiple distros, both new and old, affected<\/h2>\n<p>Tuesday&rsquo;s update left dual-boot devices&mdash;meaning those configured to run both Windows and Linux&mdash;no longer able to boot into the latter when Secure Boot was enforced. When users tried to load Linux, they received the message: &ldquo;Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.&rdquo; Almost immediately <a href=\"https:\/\/www.reddit.com\/r\/linux4noobs\/comments\/1euuiwv\/please_help_error_verifying_shim_sbat_data_failed\/\" rel=\"noopener noreferrer\">support<\/a> and <a href=\"https:\/\/askubuntu.com\/questions\/1523353\/windows-aug-13-update-broke-my-ubuntu-system\" rel=\"noopener noreferrer\">discussion<\/a> forums <a href=\"https:\/\/community.frame.work\/t\/sbat-verification-error-booting-linux-after-windows-update\/56354\" rel=\"noopener noreferrer\">lit up<\/a> with <a href=\"https:\/\/www.reddit.com\/r\/linuxquestions\/comments\/1euuha4\/please_help_error_message_verifying_shim_sbat\/\" rel=\"noopener noreferrer\">&#8203;&#8203;reports<\/a> of the <a href=\"https:\/\/forums.linuxmint.com\/viewtopic.php?t=427297&amp;sid=dab5f35699069b1d030e710a1eb3c793\" rel=\"noopener noreferrer\">failure<\/a>.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=2044381#p3\" rel=\"noopener noreferrer\">Read 10 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=2044381&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Enlarge (credit: Getty Images)  <\/p>\n<p>Last Tuesday, loads of Linux users\u2014many running p&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=64692\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-64692","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/64692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=64692"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/64692\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=64692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=64692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=64692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}