logo
welcome
Ars Technica

Ars Technica

“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update

Ars Technica
Summary
Nutrition label

70% Informative

Microsoft issued an update to close a 2-year-old vulnerability in GRUB , an open source boot loader used to start up many Linux devices.

The vulnerability, with a severity rating of 8.6 out of 10 , made it possible for hackers to bypass Secure Boot .

Multiple distros, both new and old, affected Tuesday ’s update left dual-boot devices—meaning those configured to run both Windows and Linux — no longer able to boot into the latter when Secure Boot was enforced.

“At the end of the day , while Secure Boot does make booting Windows more secure, it seems to have a growing pile of flaws that make it not quite as secure as it's intended to be,” said Will Dormann , a senior vulnerability analyst at security firm Analygence. “ SecureBoot gets messy in that it's not a MS-only game, though they have the keys to the kingdom. Any vulnerability in a SecureBoot component might affect a SecureBoot-enabled Windows -only system. As such, MS has to address/block vulnerable things.”.