Microsoft Fixes Windows Update That Broke GRUB in Dual-Boot Systems

Microsoft finally fixed the GRUB boot issue on dual-boot systems nine months after a Windows update caused widespread Linux boot failures.

Long story short – the problem began after Microsoft’s August 2024 Patch Tuesday updates, which included a mitigation for a known GRUB2 vulnerability (CVE-2022-2601). The flaw allowed malicious actors to bypass UEFI Secure Boot protections using a compromised GRUB2 bootloader.

To address this, Microsoft deployed a Secure Boot Advanced Targeting (SBAT) update (KB5041571) to block vulnerable bootloaders. Unfortunately, this had unintended consequences.

While it was supposed to detect and exempt dual-boot configurations from being affected, this detection failed in several scenarios. As a result, many dual-boot users with Windows and Linux on the same machine suddenly found themselves unable to get into their Linux system. Affected systems displayed error messages like:

Verifying shim SBAT data failed: Security Policy Violation
SBAT self-check failed: Security Policy Violation

In other words, the bootloader was being rejected due to the SBAT policy, even though the system was expected to support both operating systems.
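
How an SBAT policy ends up rejecting a bootloader, as an added example that is not from the article, Microsoft or the shim project: each component in a binary's SBAT metadata carries a generation number, and the binary is refused when any generation is below the minimum in the revocation list. The CSV layout is assumed from the published SBAT format, and all sample values and names are constructed.

```python
import csv
import io

def parse_sbat(text):
    """Parse SBAT CSV into {component: generation}. Fits both a binary's
    .sbat section and a revocation list; fields after the second are ignored."""
    entries = {}
    for row in csv.reader(io.StringIO(text.replace("\x00", ""))):
        if len(row) >= 2 and row[0].strip():  # skip blank or padding lines
            entries[row[0].strip()] = int(row[1])
    return entries

def revoked_components(binary_sbat, revocations):
    """Return sorted (component, generation, required_minimum) tuples for each
    component in the binary whose generation is below the revocation minimum."""
    have, need = parse_sbat(binary_sbat), parse_sbat(revocations)
    return sorted((name, have[name], minimum) for name, minimum in need.items()
                  if name in have and have[name] < minimum)

# Constructed sample data, not taken from any real system or update.
# On a live system the revocation list is printed by
# `mokutil --list-sbat-revocations`.
SAMPLE_REVOCATIONS = "sbat,1,2024010100\nshim,4\ngrub,3\n"
GRUB_SBAT_TEMPLATE = (
    "sbat,1,SBAT Version,sbat,1,https://example.invalid/SBAT.md\n"
    "grub,{gen},Free Software Foundation,grub,2.06,https://example.invalid/grub\n"
    "grub.example,1,Example Distro,grub2,2.06-1,https://example.invalid/distro\n"
)
SAMPLE_OLD_GRUB = GRUB_SBAT_TEMPLATE.format(gen=2)
SAMPLE_NEW_GRUB = GRUB_SBAT_TEMPLATE.format(gen=4)

if __name__ == "__main__":
    for label, sbat in (("old GRUB", SAMPLE_OLD_GRUB), ("new GRUB", SAMPLE_NEW_GRUB)):
        failures = revoked_components(sbat, SAMPLE_REVOCATIONS)
        if failures:
            for name, gen, minimum in failures:
                print(f"{label}: {name} generation {gen} < required {minimum}: rejected")
        else:
            print(f"{label}: passes the SBAT policy")
```

Components that appear in the revocation list but not in the binary (here `shim`) are skipped, since the comparison only applies to components the binary declares.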

Fortunately, nine months later, after many user reports, frustration, and workarounds circulating across forums and GitHub issues, Microsoft finally acknowledged the problem and rolled out a fix during the just-released May 2025 Patch Tuesday updates (KB5058385).

The updated patch improves how dual-boot configurations are detected, ensuring the SBAT policy is applied only where appropriate. According to Microsoft, systems affected by this issue should now function correctly after installing the latest update.

This issue was resolved by Windows updates released May 13, 2025, and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

So, if you haven’t yet installed the latest Windows updates, do it – that’s the first step.

For users still experiencing boot issues, you can temporarily disable Secure Boot in your BIOS settings to allow Linux to boot. However, this is not recommended in the long term for security-conscious users.

Alternatively, in Linux, you can remove the SBAT policy by running sudo mokutil --set-sbat-policy delete, then reboot and re-enable Secure Boot.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

2 Comments

  1. Anonymous

    Use Limine, maybe it does not have this problem?

  2. Linux User

    9 months for a fix? I’m glad that I do not dual boot and only use Linux.
