Recently, users worldwide have reported significant problems with dual-booting Linux after installing the Windows 11 23H2 update (KB5041585) released in August 2024 as part of the Patch Tuesday security updates.
This issue, which affects dual-boot setups that include Linux and have Secure Boot enabled, has raised serious concerns within the Linux community. According to reports, many systems that previously booted both Windows and Linux have stopped booting Linux altogether after the update. Affected distributions include Ubuntu, Linux Mint, Zorin OS, Puppy Linux, and others.
The cause of the problem: SBAT and the security patch
Microsoft has traced the dual-boot issue to an update to Secure Boot Advanced Targeting (SBAT). This update was intended to block Linux bootloaders that haven’t been patched against the security vulnerability CVE-2022-2601, which affects the GRUB2 bootloader used in many Linux distributions.

According to Microsoft, this vulnerability could be used to bypass Secure Boot protections, potentially compromising Windows security. As a result, the Windows 11 23H2 update KB5041585 was released to ensure that systems running Secure Boot are protected from this flaw.
In a recent statement, Microsoft clarified: “The SBAT value does not apply to dual-boot systems running Windows and Linux and should not affect these systems. However, ISOs of older Linux distributions may fail to boot. If this occurs, we recommend working with your Linux vendor to obtain an update.”
Users are facing errors with Windows 11 23H2 update KB5041585
Despite Microsoft’s assurances, many users have reported encountering serious issues after installing the update, with errors such as “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” appearing when attempting to boot into Linux. In some cases, the affected devices even shut down immediately after these errors.
This problem has caused major disruptions for users who rely on dual-boot systems, pushing them to seek out potential workarounds. Some have tried removing the SBAT policy or resetting Secure Boot values to their factory settings, but these solutions have not been effective in resolving the issue.
Temporary solution: Disable Secure Boot
Currently, the only workable solution for many users is to disable Secure Boot, which allows the Linux distribution to be installed and booted. However, this approach poses a security risk, as disabling Secure Boot can make the system more vulnerable to potential threats.
Once Linux is booted, users can update their distribution to the latest version, applying the necessary patches to the GRUB2 bootloader. After the update, Secure Boot can be re-enabled, and the system should boot normally without issues.
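Why updating the bootloader before re-enabling Secure Boot clears the "SBAT self-check failed" error, shown as an added example (not code from the original article, Microsoft, or the shim project): shim compares each component's SBAT generation number against the minimum generation in the revocation list and rejects anything lower. The CSV layouts follow the shim project's SBAT documentation; the function names and all sample values are constructed for illustration.

```python
import csv
import io


def parse_sbat(text):
    """Return {component: generation} from SBAT CSV text.

    Works for both a binary's .sbat metadata and a revocation list,
    since the first two fields of each row are name and generation.
    """
    levels = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed lines
        levels[row[0].strip()] = int(row[1])
    return levels


def revoked_components(binary_sbat, revocations):
    """List (component, have, need) where the binary's generation is too low."""
    have = parse_sbat(binary_sbat)
    need = parse_sbat(revocations)
    return [(name, gen, need[name])
            for name, gen in have.items()
            if name in need and gen < need[name]]


# Constructed sample data: not read from a real system or from the update.
REVOCATIONS = "sbat,1,2099010100\ngrub,3\n"
SBAT_TEMPLATE = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,{gen},Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
)
UNPATCHED = SBAT_TEMPLATE.format(gen=2)  # bootloader from an old ISO or install
PATCHED = SBAT_TEMPLATE.format(gen=3)    # bootloader after a distribution update

if __name__ == "__main__":
    for label, sbat in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        failures = revoked_components(sbat, REVOCATIONS)
        if failures:
            for name, have, need in failures:
                print(f"{label}: {name} generation {have} < required {need}: boot refused")
        else:
            print(f"{label}: all components meet the revocation level")
```

On a real system the revocation list can be read with `mokutil --list-sbat-revocations` and a bootloader's metadata extracted with `objcopy -O binary --only-section=.sbat`, then passed to the same functions.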
Microsoft has not yet officially acknowledged that the Windows 11 23H2 update KB5041585 is causing problems for dual-boot Linux systems. In the meantime, affected Linux users are hoping for a permanent fix that will allow them to use both operating systems securely.