Full Report
Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. [...]
Analysis Summary
# Vulnerability: Linux Boot Failure After Windows Updates (SBAT Violation)
## CVE Details
- CVE ID: Not explicitly provided for the specific boot failure, but related to update guidance that mentions **CVE-2022-2601** in a separate context regarding stopping automatic SBAT updates.
- CVSS Score: Not applicable/provided for this specific non-security boot issue.
- CWE: Not applicable (This is a functional operational issue, not a traditional software security vulnerability).
## Affected Systems
- Products: Microsoft Windows (Systems dual-booting with Linux). Affected updates include August 2024 security and preview updates.
- Versions: Windows Server 2022 (mentioned in release health status), likely impacting other Windows OS versions utilizing the affected updates.
- Configurations: Dual-boot systems where a bootloader option relies on the Secure Boot Attribute Table (SBAT).
## Vulnerability Description
Microsoft's August 2024 security and preview updates introduced changes (likely related to SBAT provisioning) that caused a critical boot failure for Linux installations on dual-boot systems. Affected users encountered the error: "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation," rendering the Linux OS unbootable.
## Exploitation
- Status: Not applicable (This is a system breakage issue, not malicious exploitation).
- Complexity: Not applicable.
- Attack Vector: Not applicable.
## Impact
- Confidentiality: None (Operational failure).
- Integrity: Medium (Linux filesystem integrity/access potentially jeopardized or inaccessible until fixed).
- Availability: High (Linux OS becomes unbootable).
## Remediation
### Patches
The issue was resolved by Microsoft updates released on or after **May 13, 2025**. Users are recommended to install the latest available Windows update.
### Workarounds
1. **Temporary Fix (Prior to permanent patch):** Delete the existing problematic SBAT update and configure systems to prevent future SBAT updates from being installed automatically.
2. **Preventing Future Issues (Stopping automatic SBAT updates):** Run the following command in an elevated prompt:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
*Note: Microsoft stopped applying the problematic SBAT update automatically with the September 2024 security update and later.*
## Detection
- Indicators of Compromise: System error message upon boot: "Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation."
- Detection Methods and Tools: Monitoring system boot health immediately following the installation of August 2024 Windows updates or confirming the boot error message.
## References
- Vendor advisories: Microsoft release health update status for affected Windows Server 2022 (and implied for other systems).
- Relevant links - defanged:
- hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-august-updates-break-linux-boot-in-dual-boot-systems/
- hxxps://www.reddit.com/r/computers/comments/1ev629x/how_to_solve_this/
- hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-linux-boot-issues-on-dual-boot-systems/
- hxxps://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-2601#exploitability
- hxxps://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#3377msgdesc