Microsoft Finally Fixes Security Update That Broke Dual-Booting
Last August, a security update intended to address a GRUB bootloader vulnerability inadvertently broke dual-booting Windows and Linux on Secure Boot-enabled systems. This vulnerability allowed malicious actors to bypass Secure Boot's safety mechanisms. Nine months later, on May 13, 2025, Microsoft quietly released a patch (KB5058385) to fix the issue. The patch mitigates problems by refining how Secure Boot Advanced Targeting (SBAT) interacts with dual-boot systems, preventing legitimate Linux bootloaders from being blocked and avoiding "Security Policy Violation" errors. The fix applies to Windows 11 23H2, 22H2, 21H2; Windows 10 21H2; and Windows Enterprise 2015 LTSB, Windows Server 2022, 2019, 2016, 2012, 2012 R2. The patch is automatically applied via Windows Update.