In August 2024, Microsoft released security update KB5041585 for Windows 11 versions 22H2 and 23H2, aiming to enhance system security by implementing Secure Boot Advanced Targeting (SBAT) protections. This update was designed to block outdated and potentially vulnerable bootloaders by updating the Secure Boot DBX, a database of blacklisted UEFI executables. However, the update inadvertently caused significant issues for users with dual-boot configurations involving Windows 11 and various Linux distributions, such as Ubuntu, Debian, and Linux Mint.
Users reported that after installing KB5041585, their Linux systems failed to boot, displaying the error message:
This error stemmed from the update's failure to correctly detect customized dual-boot setups. Consequently, the SBAT update was applied to systems where it should not have been, leading to boot failures for Linux installations. Microsoft acknowledged the issue, stating that the SBAT update was not intended for devices with dual-boot configurations but that the detection process missed some customized setups, resulting in the incorrect enforcement of the new security settings. (support.microsoft.com)
In response, Microsoft provided a workaround that required users to change system policies and edit the Windows Registry. The company explained that the SBAT update should not have been applied to devices with dual-boot configurations, but the detection process missed some customized setups and incorrectly enforced the new security settings. (support.microsoft.com)
Earlier this week, Microsoft released a fix as part of the May 2025 Patch Tuesday update, KB5058405. The update corrects the SBAT detection logic, restoring Linux boot functionality for affected users. (support.microsoft.com)
This incident highlights the complexities involved in maintaining compatibility across diverse system configurations, especially when implementing security measures like Secure Boot. While the intention behind KB5041585 was to enhance security by blocking vulnerable bootloaders, the oversight in detecting dual-boot setups led to unintended disruptions for users. Microsoft's prompt response and subsequent fix demonstrate the importance of addressing such issues swiftly to maintain user trust and system reliability.
For users who continue to experience issues, it is recommended to ensure that all system updates are applied and to consult official support channels for further assistance.
Source: extremetech.com Microsoft Fixes Windows 11 Update That Broke Dual-Boot Linux Systems
