SoylentNews is people
posted by janrinok on Thursday August 22, @06:28PM

Arthur T Knackerbracket has processed the following story:

Microsoft's Patch Tuesday for August 2024 includes a fix for a security vulnerability in the Grub2 boot loader, which is used by many Linux operating systems. Tracked as CVE-2022-2601, this flaw, discovered in 2022, could lead to an out-of-bounds write with a potential bypass of Secure Boot protection.

The Grub2 boot loader provides compatibility with the Secure Boot technology on PCs running Linux systems. After installing the new patch, Windows applies a Secure Boot Advanced Targeting (SBAT) policy to block vulnerable Linux boot loaders that could compromise OS security.

Microsoft explained that the SBAT value would not be applied to dual-boot systems with both Windows and Linux on the boot drive, so the patch was expected not to impact these systems. However, many users with dual-boot configurations have reported that the CVE-2022-2601 update still rendered booting into a Linux OS impossible.

The issue appears to affect various Linux distributions, including popular ones such as Ubuntu, Linux Mint, Zorin OS, Puppy Linux, and others. Affected systems typically display a "Security Policy Violation" error at boot, indicating a failed check on "shim SBAT data." Boot problems have been reported on both dual-boot systems and on Windows devices running Linux from an ISO image, USB drive, or optical media.

Microsoft's bulletin noted that only older Linux distros' ISOs were expected to experience boot issues following the CVE-2022-2601 patch. However, users with systems released in 2024 also seem to be affected. The only reliable way to restore a bootable state appears to be disabling Secure Boot entirely. Alternatively, users can follow the steps to remove the SBAT policy introduced by Microsoft this past week.
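
The SBAT check behind the "Security Policy Violation" error compares per-component generation numbers: a boot binary is refused when a component named in its `.sbat` metadata has a lower generation than the installed policy requires. The sketch below is an added example, not code from the article, Microsoft or the shim project; the `.sbat` contents, vendor entries and policy values are constructed for illustration and are not the values Microsoft shipped.

```python
import csv
import io

HDR = "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
# Constructed .sbat sections: component,generation,vendor,package,version,url
OLD_SHIM = HDR + (
    "shim,3,UEFI shim,shim,1,https://github.com/rhboot/shim\n"
    "shim.exampledistro,1,Example Distro,shim,15.7,https://distro.example/shim\n"
)
NEW_SHIM = OLD_SHIM.replace("shim,3,UEFI", "shim,4,UEFI")
OLD_GRUB = HDR + "grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"

# Constructed revocation policy: first row carries a datestamp, the rest are
# component,minimum-generation pairs.
POLICY = "sbat,1,2024010100\nshim,4\ngrub,3\n"


def parse_rows(text):
    """Return [(component, generation)] from SBAT-style CSV, skipping malformed rows."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].strip().isdecimal():
            rows.append((row[0].strip(), int(row[1])))
    return rows


def sbat_violations(binary_sbat, policy):
    """List (component, found_generation, required_generation) for revoked entries."""
    required = dict(parse_rows(policy))
    return [(name, gen, required[name])
            for name, gen in parse_rows(binary_sbat)
            if name in required and gen < required[name]]


def first_blocked_stage(stages, policy):
    """Walk the boot chain in order; return (label, violations) for the first refusal."""
    for label, sbat_text in stages:
        bad = sbat_violations(sbat_text, policy)
        if bad:
            return label, bad
    return None


if __name__ == "__main__":
    print(first_blocked_stage([("shim", OLD_SHIM), ("grub", OLD_GRUB)], POLICY))
    print(first_blocked_stage([("shim", NEW_SHIM), ("grub", OLD_GRUB)], POLICY))
```

With this policy an updated shim still ends in a refusal if the GRUB it loads is below the required generation, which is why replacing only one stage of the chain may not restore booting.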

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 3, Insightful) by bzipitidoo on Thursday August 22, @07:38PM

    by bzipitidoo (4388) on Thursday August 22, @07:38PM (#1369656) Journal

    Hmph, is that some corporatespeak I detect in the words "a fix for a security vulnerability in the Grub2 boot loader"? A "fix"? They call disabling Grub a "fix"?! Yeah, "fixed" in the same sense as applied to pet cats and dogs! Is this the start of a new offensive in MS's war against free software?

  • (Score: 5, Insightful) by janrinok on Thursday August 22, @07:56PM (3 children)

    by janrinok (52) Subscriber Badge on Thursday August 22, @07:56PM (#1369658) Journal

    Just don't use Windows. Problem fixed.

    --
    I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    • (Score: 4, Interesting) by digitalaudiorock on Friday August 23, @12:28PM (1 child)

      by digitalaudiorock (688) on Friday August 23, @12:28PM (#1369734) Journal

      Just don't use Windows. Problem fixed.

      ...and while you're at it, do yourself a favor and don't use Grub either. On my AMD system with EFI I use rEFInd [rodsbooks.com], which is just awesome, and on my older BIOS systems I use SYSLINUX [syslinux.org]. If you want the sane simplicity Grub used to have in version 1 there are options.

      • (Score: 3, Interesting) by digitalaudiorock on Friday August 23, @04:35PM

        by digitalaudiorock (688) on Friday August 23, @04:35PM (#1369764) Journal

        Just to elaborate a little on that rEFInd, which I found out about from a recommendation on the Gentoo forums: When I compile a new kernel and do the "make install", that's it...I'm done. rEFInd needs no change and simply sees all the kernels under /boot, defaulting to the newest one. Just awesome...can't say enough about it.

    • (Score: 2) by Tork on Friday August 23, @10:42PM

      by Tork (3914) Subscriber Badge on Friday August 23, @10:42PM (#1369801)

      Just don't use Windows. Problem fixed.

      So... do Linux users just play around at a bash prompt and edit text files all day? Just curious because when it came time for me to dump Windows it wasn't about which OS was better, it was about how the apps I need to run work on that OS. Lotsa people told me to switch OSs and not one of them said "What do you use your computer for?"

      --
      🏳️‍🌈 Proud Ally 🏳️‍🌈
  • (Score: 4, Informative) by hendrikboom on Thursday August 22, @09:48PM (1 child)

    by hendrikboom (1125) on Thursday August 22, @09:48PM (#1369672) Homepage Journal

    There's a coherent explanation on dreamwidth [dreamwidth.org].

    • (Score: 2, Touché) by Anonymous Coward on Friday August 23, @04:03AM

      by Anonymous Coward on Friday August 23, @04:03AM (#1369704)

      > There's a coherent explanation [...]

      The coherent explanation is that this can ultimately be traced back to the code (of unknown provenance) that Crazy Matt there got accepted into the kernel and boot loader. You do realize that Crazy Matt there is the full reason why Microsoft got away with the shim in the first place, right? He's not an unbiased source on this.

  • (Score: 3, Informative) by Hartree on Thursday August 22, @10:12PM

    by Hartree (195) on Thursday August 22, @10:12PM (#1369673)

    "Windows isn't done till the Linux won't run."

  • (Score: 5, Insightful) by Mojibake Tengu on Thursday August 22, @10:14PM (1 child)

    by Mojibake Tengu (8598) on Thursday August 22, @10:14PM (#1369674) Journal

    Dual boot with Windows is like a marriage with a narcissist person: no amount of technical virtuosity, self-control or temperance will protect you from experiencing pain and suffering recurrently.

    Windows installation can do any damage it wants to Linux installation at any occasion. There is no natural, technical or legal barrier for that. What's so hard to understand about the fragility of the situation?

    Just go and buy another computer if you keep yourself so entangled deliberately.

    --
    Rust programming language offends both my Intelligence and my Spirit.
    • (Score: 3, Funny) by boltronics on Friday August 23, @03:45AM

      by boltronics (580) on Friday August 23, @03:45AM (#1369702) Homepage Journal

      Even more strange is that someone would have to have Secure Boot enabled for this to be a problem. Would someone that concerned with security really be running Windows in the first place, especially when they already have a GNU/Linux installation?

      --
      It's GNU/Linux dammit!
  • (Score: 4, Insightful) by RedGreen on Friday August 23, @12:14AM (1 child)

    by RedGreen (888) on Friday August 23, @12:14AM (#1369687)

    Microsoft and security in the same sentence is unless the gist of the sentence is Microsoft does not have one single fscking clue how to do it. To trust anything to this company is to get what you deserve for using a virus/trojan delivery system masquerading as an OS as has been proven for literally decades now at this point. They have even given up all pretense of not being one with the new keylogger/spyware features that will make it even easier for the criminals to steal your data by recording every God damn thing you do and storing it unencrypted EVEN. Thankfully my twenty-fifth anniversary of being free from their garbage just passed by early this spring. I will never use this so-called secure boot feature as it is designed by a bunch of incompetent fools.

    --
    "I modded down, down, down, and the flames went higher." -- Sven Olsen
    • (Score: 4, Interesting) by bart on Friday August 23, @09:08AM

      by bart (2844) on Friday August 23, @09:08AM (#1369721)

      I'm 61 years old, and have been professionally developing software since 1985; I've pretty much never used Windows :-). One short stint using Cygwin on Win-NT, and once writing a device driver for it. The driver was what made me realize what a horrorshow the Win32 interface is. Everything is passed around as a HNDL inside Windows which is just a #define to a void pointer.

      I switched fulltime to Linux somewhere around 2004 including all my desktop needs, and never regretted it.