In August last year, a faulty security update broke dual-booting Windows and Linux on Secure Boot-enabled systems. The update was meant to address a GRUB bootloader vulnerability that allowed malicious actors to bypass Secure Boot's safety mechanisms.
Luckily, there's now a proper fix: Microsoft quietly released a new patch on May 13, 2025, addressing the issue nine months after it was first reported.
Windows is Dual-boot Friendly Again
Labeled as KB5058385, the patch aims to mitigate the issues caused by the August 2024 security update by refining how Secure Boot Advanced Targeting (SBAT) detects and interacts with dual-boot systems, particularly those running Windows and Linux.
This improves the logic used to identify legitimate Linux bootloaders, preventing them from being incorrectly blocked or triggering "Security Policy Violation" errors during startup.
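SBAT refuses a bootloader when a component's generation number in its embedded metadata is lower than the minimum recorded in firmware, which is how an unpatched GRUB ends up blocked at startup. The sketch below is an added example, not code from this article, Microsoft or shim; it assumes the CSV layout described in the shim project's SBAT documentation, and every sample value and function name in it is constructed for illustration.

```python
import csv
import io

# Constructed sample: SBAT metadata as embedded in an older bootloader.
# Columns: component, generation, vendor, package, version, URL.
OLD_GRUB = """sbat,1,SBAT Version,sbat,1,https://sbat.example/
grub,2,Example Upstream,grub,2.06,https://grub.example/
grub.exampledistro,1,Example Distro,grub2,2.06-1,https://distro.example/
"""

# Constructed sample: the same bootloader rebuilt with the GRUB fix.
PATCHED_GRUB = OLD_GRUB.replace("grub,2,", "grub,4,")

# Constructed sample: minimum generations held in firmware (the SBAT level).
REVOCATIONS = """sbat,1,2024010100
grub,3
"""


def parse_sbat(text):
    """Parse SBAT CSV text into {component: generation}."""
    entries = {}
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) < 2 or not row[1].strip().isdigit():
            continue  # skip blank or malformed rows
        entries[row[0].strip()] = int(row[1])
    return entries


def check_bootloader(binary_sbat, revocations):
    """Return (component, have, required) for every component that is
    below the minimum generation; an empty list means it may boot."""
    have = parse_sbat(binary_sbat)
    minimum = parse_sbat(revocations)
    return [(name, gen, minimum[name])
            for name, gen in have.items()
            if name in minimum and gen < minimum[name]]


if __name__ == "__main__":
    for label, sbat in (("old", OLD_GRUB), ("patched", PATCHED_GRUB)):
        failures = check_bootloader(sbat, REVOCATIONS)
        print(label, "blocked:" if failures else "allowed", failures)
```

Components that the firmware list does not name, such as the distro-specific entry here, are not compared at all.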
The fix covers affected Windows versions, including Windows 11 23H2, 22H2 and 21H2; Windows 10 21H2; Windows Enterprise 2015 LTSB; and Windows Server 2022, 2019, 2016, 2012 and 2012 R2.
As for how to get this update, in usual Windows fashion, this patch will be automatically applied via Windows Update for affected installations. In my case, running Windows 11 24H2, KB5058385 doesn’t show up separately, so the fix might already be included, though Microsoft hasn’t confirmed this.
Closing Thoughts
While it's reassuring that Microsoft finally did something to address the issue, they took their sweet time getting there. Meanwhile, many dual-boot users were left with borked setups, having to use workarounds or disable Secure Boot altogether.
This episode highlights how slow they can be in fixing things when the issue isn't related to their core Windows experience (read: AI features), leaving niche but important user groups like dual-boot Linux users in the dark.
From It's FOSS News via this RSS feed