So, no booting into Windows until this is fixed then? Fine by me. Hell, might actually make me uninstall it completely and free some disk space...
Linux
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Well... It's the opposite... People affected by this issue could not boot Linux...
Right, but you have to boot into Windows first to even get the update in the first place...
Hey Microsoft: Windows is yours, GRUB is mine. I don't give a shit if GRUB is vulnerable, I'll fix that myself if I choose to.
Mind your own fucking business. The most you should ever do is let me know about it, not try to patch things you aren't responsible for...
"secure" boot, the industry standard for ensuring that devices don't run software other than Windows during the bootup process
FTFY
CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.
I respect their journalistic integrity for not speculating, but it was definitely because the NSA was exploiting it.
Ehhh that's likely enough, but Microsoft is also just shit at fixing things
Secure Boot is bullshit anyway
It is fine if you only accept signatures from yourself. However, that's a lot of work as you need to sign everything.
Good luck replacing the PKI on your system's Secure Boot firmware. Most platforms probably don't support it and have no documentation
I'm confused - why is Microsoft trying to - or expected to, by the article authors - patch a vulnerability in GRUB?
It was supposed to patch Secure Boot, not demolish GRUB.
That's why it's a problem.
I was interested too. It seems Microsoft has released a patch that blacklists vulnerable grub versions from being able to be secure booted even if they are signed properly:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-2601
The link was at the top of the article.
Maybe this update somehow affects your UEFI firmware, and it installs a list in there?
It was a Windows vulnerability that allowed an exploit box GRUB
it was a vulnerability in Grub tho, i understand the Microsoft hate but not to the extant of lying.
I get to dual boot at work (I run mint btw) and the only reason I ever boot into windows every week or three is to make sure it doesn’t get so out of date that it gets booted from the network.
I guess it’s time to stop that shit! Having windows available is not worth the risk of messing up my work machine. Hell I’m tempted to nuke that windows partition and double the size of my /home partition!
Though I will give Microsoft credit that m365 stuff, including video calls in Teams, work great using the web versions in Firefox. That’s even with the security and privacy stuff cranked up. I only white listed those sites for cookies and local storage for convenience.
This sort of ridiculousness is why I got two seperate drives (needed the extra space anyways) and choose which one to boot from the mobo EFI menu.
Yep, I don't even fuck with grub since that has fucked me over in the past too, I just go into the fucking bios and select it manually lmao
I just tried installing this patch tonight on my windows drive - not because I use windows, just to… you know… keep it updated and secure I guess.
It literally won’t even install. It just fails out every time. Whatever. Microsoft releases so many bad patches lately. WTH are they even doing over there? Windows used to be king and they’ve been screwing it up since 8 came out.
Microsoft fired its entire QA team 10 years ago, and shifted the responsibility for testing onto developers. They also got rid of their dedicated hardware lab where software would be tested on many different hardware combinations.
I have worked in two companies that made the same move of firing QA, and in both the quality of the released software took a marked dive. (In neither company did senior management admit that what everyone warned them would be a mistake was a mistake. Instead they blamed developers.)
These days Microsoft's testing team is whichever users receive each update first. They rely on users and telemetry to do what should be the job of dedicated testers.
This is hardly a new thing for MS. One of the first emails I remember getting when I got to college back in 2003 was from campus IT begging people not to install the latest XP update because it reenabled a vulnerability to existing malware.
Microsoft fired its entire QA team 10 years ago, and shifted the responsibility for testing onto developers. They also got rid of their dedicated hardware lab where software would be tested on many different hardware combinations.
That...makes SO much sense and explains a lot! Thanks for mentioning it.
windows update can and will always find your dual boot eventually and break it
So glad I recently removed Windows from my former dual boot system completely. Was sick of getting errors during Linux boot up after running Windows for that one piece of software I couldn't get to work in Wine or Bottles. The culprit I assumed was Windows updates, which I attempted to disable through the registry on several occasions. It would work for a short period and then Microsoft, in all their wisdom, would just reenable updates because clearly they know better than I what I want my system to do. The last time it happened was the final straw for me when I wanted to boot into Windows briefly only to be left waiting half an hour for Windows to apply updates on shutdown. Pissed me off so much I killed the power mid-update, booted up a live partition tool and wiped Windows off my system completely (updating the grub to remove dual boot). That's when I discovered that not properly shutting down Windows would mark my other drives dirty and make them read only. To fix this I ended up having to insert Windows installation media and pretend like I wanted to reinstall Windows 10 again. Once it got to the stage when it was about to write to the drive I cancelled the installation and rebooted back into Linux. Voilà! Could write to my drives again. To hell with Windows. I'd rather live without that one piece of software and have my system do what I want it to do rather than it second guess me and disregard my instructions. This whole automatic update thing really boiled my piss. At least with Linux I can choose to apply updates when it's convenient for me to do so.
Has SecureBoot ever accomplished anything vaguely resembling security?
Securing proprietary hardware against peeps installing alt OSes
Yeah, it made installing Linux more difficult, so it actually lowered computer security by pushing you to use windows
Maybe its finally time to get rid of my dual boot. I haven't used the windows side in like half a year...
I was shocked how little I need Windows. I went dual boot install but just... never booted Windows again. My games work. I'm happy. Why should I boot Windows?
Really I should just remove Windows but I'm lazy.
If it's a Linux problem why Microsoft has to patch it?
It's like if someone gives you a ride to the hospital and the doctor treats him instead of you
I'm not sure I follow that analogy, if you get a ride to a hospital you don't expect it to lock off all other destinations. What happens in the hospital is irrelevant.
From reading the article, this is more like if you walk into a hotel and they burn down your house so you have no choice but to stay. I suppose in theory you could argue in very bad faith that this is a problem with the house since it's the house that burned, but in reality the problem is the fact they're the ones who started the fire.
Because people cannot block darn windows updates. Its a real malware only allowed by law
Microsoft: you can have security updates
Users: good
Microsoft: just keep in mind they will make major changes and will totally change the desktop and settings.
Users: wait what Microsoft Edge opens
booting into windows?
Y'all, help a dummy out. I dual boot windows and Fedora. I only keep windows around for a very few college classes that require for screenwriting software. I have not booted into windows in months. I have a screenwriting class coming up in a week.
How worried should I be? I am not great with computers, I run fedora mostly because I support the philosophy of Linux, less for the techy stuff. Please advice, Linux people. I'm scurred.
Does that screenwriting software require a lot of performance? You might opt to install Windows into a virtual machine, as described here: https://www.windowscentral.com/how-setup-windows-10-virtual-machine-linux
Essentially you're using some software to emulate a computer inside your computer that can run any operating system you want. It doesn't need to touch your actual operating system installation, you can treat it as just another program. For your use case that sounds appropriate; you occasionally need to run specific software that has low system requirements. This way you can do that without risking Microsoft borking your Linux machine any time it feels like it.
“The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems,” the bulletin read. “You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.”
Excuse me, those are the opposite of each other.
I use Debian and I also was affected by this Windows update. I was able to boot by disabling secure boot. I also found this option that apparently fixes the problem by changing the sbat policy using mokutil. But I haven't tried it out yet. Has anyone got any luck with something else besides disabling secure boot?
They had to know this would happen, right?
Like, they didn't think to test with a dual booting system? Wtf?
Where do they even get off fixing a bug in grub?
Always install rEFInd Always keep a rEFInd USB stick around Basic Computer 101
It ain't done til GRUB don't run?
CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.