Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.”

The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don’t load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.

The reports indicate that multiple distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, Puppy Linux, are all affected. Microsoft has yet to acknowledge the error publicly, explain how it wasn’t detected during testing, or provide technical guidance to those affected. Company representatives didn’t respond to an email seeking answers.

  • Todd Bonzalez@lemm.ee
    link
    fedilink
    arrow-up
    55
    ·
    4 months ago

    Hey Microsoft: Windows is yours, GRUB is mine. I don’t give a shit if GRUB is vulnerable, I’ll fix that myself if I choose to.

    Mind your own fucking business. The most you should ever do is let me know about it, not try to patch things you aren’t responsible for…

    • kieron115@startrek.website
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      The update was meant to fix a situation where an attacker would somehow get grub onto a machine that was SINGLE booting windows and use grub to tamper with secureboot. this fix was meant to only apply in single boot situations where it should be entirely unexpected to see grub. as they said, something went seriously wrong.

  • hobbsc@lemmy.sdf.org
    link
    fedilink
    arrow-up
    37
    arrow-down
    1
    ·
    4 months ago

    “secure” boot, the industry standard for ensuring that devices don’t run software other than Windows during the bootup process

    FTFY

  • mortimer@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    4 months ago

    So glad I recently removed Windows from my former dual boot system completely. Was sick of getting errors during Linux boot up after running Windows for that one piece of software I couldn’t get to work in Wine or Bottles. The culprit I assumed was Windows updates, which I attempted to disable through the registry on several occasions. It would work for a short period and then Microsoft, in all their wisdom, would just reenable updates because clearly they know better than I what I want my system to do. The last time it happened was the final straw for me when I wanted to boot into Windows briefly only to be left waiting half an hour for Windows to apply updates on shutdown. Pissed me off so much I killed the power mid-update, booted up a live partition tool and wiped Windows off my system completely (updating the grub to remove dual boot). That’s when I discovered that not properly shutting down Windows would mark my other drives dirty and make them read only. To fix this I ended up having to insert Windows installation media and pretend like I wanted to reinstall Windows 10 again. Once it got to the stage when it was about to write to the drive I cancelled the installation and rebooted back into Linux. Voilà! Could write to my drives again. To hell with Windows. I’d rather live without that one piece of software and have my system do what I want it to do rather than it second guess me and disregard my instructions. This whole automatic update thing really boiled my piss. At least with Linux I can choose to apply updates when it’s convenient for me to do so.

    • uranibaba@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      I have two pieces of software I cannot live without, to the point that I would rewrite them for Linux if it came to that. Running Windows as a VM using Virtual Box has been a nice experience so far. (Given that both software are not CPU nor GPU heavy and could run on a tree if need be.)

      • Psuedocoder@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        4 months ago

        I installed windows 11 in kvm based vm and gave it 80GB of space on ssd. I have booted into it abot 5 to 6 times in last year or so. I hate that I have to keep it, but its nice to have when some shitty websites demand that they work only on windows. (I mean wtf, its a f*ing website)

        • uranibaba@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          I can relate. Last time that happened, I gave up or trying to find out how that works and just used another computer that was already connected to the TV.

  • rem26_art@fedia.io
    link
    fedilink
    arrow-up
    14
    ·
    4 months ago

    Maybe its finally time to get rid of my dual boot. I haven’t used the windows side in like half a year…

  • Dharma Curious (he/him)@slrpnk.net
    link
    fedilink
    arrow-up
    12
    ·
    4 months ago

    Y’all, help a dummy out. I dual boot windows and Fedora. I only keep windows around for a very few college classes that require for screenwriting software. I have not booted into windows in months. I have a screenwriting class coming up in a week.

    How worried should I be? I am not great with computers, I run fedora mostly because I support the philosophy of Linux, less for the techy stuff. Please advice, Linux people. I’m scurred.

    • Iapar@feddit.org
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      What do you use? Maybe there is a Linux alternative to that so you don’t have to bother with a VM.

    • 𝕸𝖔𝖘𝖘@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      Which screenwriting software? Have you tried running it under WINE?

      And do you HAVE to use that one in particular? Or can you use something like Trelby, Manuskript, or Scrite?

        • 𝕸𝖔𝖘𝖘@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          Ah. I did love final draft when my school paid for it. I’ve never used fade in, but the three I mentioned are all free, too. I’m not sure what version of final draft you’re using, but it doesn’t really matter for this, as its support under WINE is pretty lacking. Good luck!!

        • bionicjoey@lemmy.ca
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          Depends if you care more about performance or ease of use. Based on the fact that OP hadn’t considered VM as a solution, I assume they aren’t super familiar with hypervisors.

          • Possibly linux@lemmy.zip
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            Virtualbox is a pain. Virtual manager is much easier and natively supported. You just click new and then follow the wizard

            • areyouevenreal@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              4 months ago

              That’s not at all the case in my experience. Sure virtual box modules can be harder to install, but libvirt has so many issues that the average user has no idea about. I’ve had networking issues, display issues, and so on. At one point it read the display scaling information and scaled down the VM display instead of scaling it up. Furthermore RedHat don’t even support virt manager anymore. They want you to use Cockpit. Honestly the all around best virtualization solution is probably VMWare or something like Gnome boxes or QuickEmu.

  • chanteoma@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    4 months ago

    I use Debian and I also was affected by this Windows update. I was able to boot by disabling secure boot. I also found this option that apparently fixes the problem by changing the sbat policy using mokutil. But I haven’t tried it out yet. Has anyone got any luck with something else besides disabling secure boot?

    • ayyy@sh.itjust.works
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      I thought the whole point of the Quest is that it’s a standalone device that runs games untethered?

        • bigmclargehuge@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          Sadly, no, the Oculus software suite is Windows only, no exceptions. If there are a couple must-plays on your list that are Oculus Store only, you’ll have to keep Windows around. Who knows, maybe someday there will be some workaround, but that’s not the case at the moment.

          The good news is, for anything that isn’t exclusive, ie on Steam or even Epic/GOG, there are options. I use a piece of software called ALVR. You install the ALVR server on your PC and the client on your Quest 2 (look into how to use Sidequest if you havent already). You launch both pieces of software, launch SteamVR on your PC, make sure the ALVR server sees it, connect the Quest client to the server, and voila, wireless PCVR on Linux. I’d say the performance is at ~85% of what you could expect on Windows natively, give or take 5 or 10% depending on your setup. By no means unplayable.

          There is also OpenComposite. I know much less about this so it would be worth doing some research, but it basically bypasses SteamVR entirely. This would be especially handy for, for example, a VR game installed via Heroic Launcher (Epic, GOG, and Amazon games), where getting a game that requires SteamVR to actually see SteamVR would be a huge headache due to the separate prefixes/wine versions. There may be a way to accomplish that, but from what I can tell, OpenComposite is specifically designed to help avoid those headaches.

  • Mactan@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    windows update can and will always find your dual boot eventually and break it

  • rockSlayer@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.

    I respect their journalistic integrity for not speculating, but it was definitely because the NSA was exploiting it.

        • porous_grey_matter@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          No, they really are. No doubt they do plenty of stuff at the behest of the NSA, but they are also a deeply disfunctional company with conflicts between departments and bare minimum funding for security, since it’s seen as a cost centre

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I hate to break it to you but why would the NSA need a security hole in secure boot. They already have all your data from Windows plus Microsoft has the decryption keys.

          • HumanPenguin@feddit.uk
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Because some users are putting that data on Linux. So they want Linux to be killed.

            They can’t change grub. But they sure as hell can convince micro$org to search for and nuke it.

            Of course no idea if this happened. Just answering why they would might want to.

  • lily33@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    4 months ago

    I’m confused - why is Microsoft trying to - or expected to, by the article authors - patch a vulnerability in GRUB?

  • Wispy2891@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    4 months ago

    If it’s a Linux problem why Microsoft has to patch it?

    It’s like if someone gives you a ride to the hospital and the doctor treats him instead of you

    • endofline@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Because people cannot block darn windows updates. Its a real malware only allowed by law

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Microsoft: you can have security updates

        Users: good

        Microsoft: just keep in mind they will make major changes and will totally change the desktop and settings.

        Users: wait what Microsoft Edge opens