this post was submitted on 21 Aug 2024
389 points (100.0% liked)

Linux

1258 readers
70 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.”

The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don’t load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.

...

The reports indicate that multiple distributions, including Debian, Ubuntu, Linux Mint, Zorin OS, Puppy Linux, are all affected. Microsoft has yet to acknowledge the error publicly, explain how it wasn’t detected during testing, or provide technical guidance to those affected. Company representatives didn’t respond to an email seeking answers.

top 50 comments
sorted by: hot top controversial new old
[–] doctortofu@reddthat.com 106 points 3 months ago (1 children)

So, no booting into Windows until this is fixed then? Fine by me. Hell, might actually make me uninstall it completely and free some disk space...

[–] BaalInvoker@lemmy.eco.br 47 points 3 months ago (1 children)

Well... It's the opposite... People affected by this issue could not boot Linux...

[–] doctortofu@reddthat.com 61 points 3 months ago* (last edited 3 months ago) (1 children)

Right, but you have to boot into Windows first to even get the update in the first place...

[–] BaalInvoker@lemmy.eco.br 4 points 3 months ago (1 children)

But if you don't boot Windows first you'll not be affected by this issue. So my statement is correct

[–] RootBeerGuy@discuss.tchncs.de 36 points 3 months ago (2 children)

That's... What the person you replied to said in the first place.

[–] Boxscape@lemmy.sdf.org 16 points 3 months ago (1 children)

That's... What the person you replied to said in the first place.

[–] RootBeerGuy@discuss.tchncs.de 5 points 3 months ago

Nice meme, bro!

[–] Goun@lemmy.ml 3 points 3 months ago

No, they're literally saying the same thing

[–] todd_bonzalez@lemm.ee 89 points 3 months ago (2 children)

Hey Microsoft: Windows is yours, GRUB is mine. I don't give a shit if GRUB is vulnerable, I'll fix that myself if I choose to.

Mind your own fucking business. The most you should ever do is let me know about it, not try to patch things you aren't responsible for...

[–] kieron115@startrek.website 3 points 3 months ago

The update was meant to fix a situation where an attacker would somehow get grub onto a machine that was SINGLE booting windows and use grub to tamper with secureboot. this fix was meant to only apply in single boot situations where it should be entirely unexpected to see grub. as they said, something went seriously wrong.

load more comments (1 replies)
[–] hobbsc@lemmy.sdf.org 79 points 3 months ago (1 children)

"secure" boot, the industry standard for ensuring that devices don't run software other than Windows during the bootup process

FTFY

load more comments (1 replies)
[–] lily33@lemm.ee 57 points 3 months ago* (last edited 3 months ago) (1 children)

I'm confused - why is Microsoft trying to - or expected to, by the article authors - patch a vulnerability in GRUB?

[–] ReversalHatchery 15 points 3 months ago

I was interested too. It seems Microsoft has released a patch that blacklists vulnerable grub versions from being able to be secure booted even if they are signed properly:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2022-2601

The link was at the top of the article.

Maybe this update somehow affects your UEFI firmware, and it installs a list in there?

[–] delirious_owl@discuss.online 56 points 3 months ago (1 children)

Secure Boot is bullshit anyway

[–] possiblylinux127@lemmy.zip 20 points 3 months ago (6 children)

It is fine if you only accept signatures from yourself. However, that's a lot of work as you need to sign everything.

[–] delirious_owl@discuss.online 12 points 3 months ago

Good luck replacing the PKI on your system's Secure Boot firmware. Most platforms probably don't support it and have no documentation

load more comments (5 replies)
[–] Zink@programming.dev 37 points 3 months ago (2 children)

I get to dual boot at work (I run mint btw) and the only reason I ever boot into windows every week or three is to make sure it doesn’t get so out of date that it gets booted from the network.

I guess it’s time to stop that shit! Having windows available is not worth the risk of messing up my work machine. Hell I’m tempted to nuke that windows partition and double the size of my /home partition!

Though I will give Microsoft credit that m365 stuff, including video calls in Teams, work great using the web versions in Firefox. That’s even with the security and privacy stuff cranked up. I only white listed those sites for cookies and local storage for convenience.

load more comments (2 replies)
[–] Kongar@lemmy.dbzer0.com 37 points 3 months ago (1 children)

I just tried installing this patch tonight on my windows drive - not because I use windows, just to… you know… keep it updated and secure I guess.

It literally won’t even install. It just fails out every time. Whatever. Microsoft releases so many bad patches lately. WTH are they even doing over there? Windows used to be king and they’ve been screwing it up since 8 came out.

[–] floofloof@lemmy.ca 44 points 3 months ago* (last edited 3 months ago) (2 children)

Microsoft fired its entire QA team 10 years ago, and shifted the responsibility for testing onto developers. They also got rid of their dedicated hardware lab where software would be tested on many different hardware combinations.

I have worked in two companies that made the same move of firing QA, and in both the quality of the released software took a marked dive. (In neither company did senior management admit that what everyone warned them would be a mistake was a mistake. Instead they blamed developers.)

These days Microsoft's testing team is whichever users receive each update first. They rely on users and telemetry to do what should be the job of dedicated testers.

[–] suburban_hillbilly@lemmy.ml 19 points 3 months ago

This is hardly a new thing for MS. One of the first emails I remember getting when I got to college back in 2003 was from campus IT begging people not to install the latest XP update because it reenabled a vulnerability to existing malware.

[–] Zoop 13 points 3 months ago

Microsoft fired its entire QA team 10 years ago, and shifted the responsibility for testing onto developers. They also got rid of their dedicated hardware lab where software would be tested on many different hardware combinations.

That...makes SO much sense and explains a lot! Thanks for mentioning it.

[–] rem26_art@fedia.io 32 points 3 months ago (3 children)

Maybe its finally time to get rid of my dual boot. I haven't used the windows side in like half a year...

[–] henfredemars@infosec.pub 19 points 3 months ago

I was shocked how little I need Windows. I went dual boot install but just... never booted Windows again. My games work. I'm happy. Why should I boot Windows?

Really I should just remove Windows but I'm lazy.

[–] thingsiplay 11 points 3 months ago (3 children)

And each time you want to use Windows, you have to go through hoops and updates of Windows and then updates of the applications (and possibly games) to just do the work you intended to boot into. I had Windows for a few years in dual mode too and know the problems of a Windows system that is not used often.

If you really need some applications, then consider using a VM (however doesn't solve the updates and usability issue of Windows). Off course some games won't work, but if its not a game then maybe you can finally get rid of your dual boot.

load more comments (3 replies)
[–] Confused_Emus@lemmy.dbzer0.com 4 points 3 months ago

Go for it! You can always do a Windows VM for the rare times you may need it - if at all.

[–] northmaple1984@lemmy.ca 30 points 3 months ago (1 children)

This sort of ridiculousness is why I got two seperate drives (needed the extra space anyways) and choose which one to boot from the mobo EFI menu.

[–] Microplasticbrain@lemm.ee 11 points 3 months ago

Yep, I don't even fuck with grub since that has fucked me over in the past too, I just go into the fucking bios and select it manually lmao

[–] mactan@lemmy.ml 26 points 3 months ago (1 children)

windows update can and will always find your dual boot eventually and break it

load more comments (1 replies)
[–] dharmacurious@slrpnk.net 23 points 3 months ago (19 children)

Y'all, help a dummy out. I dual boot windows and Fedora. I only keep windows around for a very few college classes that require for screenwriting software. I have not booted into windows in months. I have a screenwriting class coming up in a week.

How worried should I be? I am not great with computers, I run fedora mostly because I support the philosophy of Linux, less for the techy stuff. Please advice, Linux people. I'm scurred.

[–] beefbot@lemmy.blahaj.zone 9 points 3 months ago

Sorry idk specifically how to avoid the update, but the linked ArsTechnica article has some advice

Someone here advised & I’d agree: use a Windows VM, for things you haven’t found the Linux version of yet.

Windows’s plan to screenshot everything will include your private artistic work too, so you’ll be doing yourself a favor

[–] addie@feddit.uk 7 points 3 months ago (1 children)

When I was still dual-booting Windows and Linux, I found that "raw disk" mode virtual machines worked wonders. I used VirtualBox, so you'd want a guide somewhat like this: https://superuser.com/questions/495025/use-physical-harddisk-in-virtual-box - other VM solutions are available, which don't require you to accept an agreement with Oracle.

Essentially, rather than setting aside a file on disk as your VM's disk, you can set aside a whole existing disk. That can be a disk that already has Windows installed on it, it doesn't erase what you have. Then you can start Windows in a VM and let it do its updates - since it can't see the bootloader from within the VM, it can't fuck it up. You can run any software that doesn't have particularly high graphics requirement, too.

I was also able to just "restart in Windows" if I wanted full performance for a game or something like that, but since Linux has gotten very good indeed at running games, that became less and less necessary until one day I just erased my Windows partition to recover the space.

load more comments (1 replies)
[–] ReversalHatchery 6 points 3 months ago (1 children)

However bad that sounds, you're probably best off disabling all updates in windows. O&O shutup10 has a setting for that. Download it to a pendrive with Linux, and boot windows with network unplugged.

load more comments (1 replies)
[–] interdimensionalmeme@lemmy.ml 5 points 3 months ago

If you have trouble make a rEFInd USB stick and boot that

[–] possiblylinux127@lemmy.zip 5 points 3 months ago (2 children)

Does your device have 16gb of ram? If so install Windows in Virtual manager with the guest addons. It will allow copy and paste along with lots of other features while keeping Windows in its own area.

load more comments (2 replies)
[–] Iapar@feddit.org 4 points 3 months ago (11 children)

What do you use? Maybe there is a Linux alternative to that so you don't have to bother with a VM.

load more comments (11 replies)
[–] areyouevenreal@lemm.ee 4 points 3 months ago (1 children)

Do you know which bootloader you have? There are two popular ones in use currently, one called systemd boot, the other is called grub. From reading this post only grub seems to be affected. I don't really know which one fedora defaults to at the moment, and it likely depends on what happened during the installation process as well.

load more comments (1 replies)
[–] Presently42@lemmy.ca 3 points 3 months ago (7 children)

Out of curiosity, have you tried Fade In?

load more comments (7 replies)
load more comments (11 replies)
[–] darkmogool@feddit.org 22 points 3 months ago

booting into windows?

it's been 84 years…

[–] Liz@midwest.social 14 points 3 months ago

“The SBAT value is not applied to dual-boot systems that boot both Windows and Linux and should not affect these systems,” the bulletin read. “You might find that older Linux distribution ISOs will not boot. If this occurs, work with your Linux vendor to get an update.”

Excuse me, those are the opposite of each other.

[–] interdimensionalmeme@lemmy.ml 14 points 3 months ago (5 children)

Always install rEFInd Always keep a rEFInd USB stick around Basic Computer 101

load more comments (5 replies)
[–] thingsiplay 12 points 3 months ago

CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.

[–] chanteoma@lemmy.ml 11 points 3 months ago (1 children)

I use Debian and I also was affected by this Windows update. I was able to boot by disabling secure boot. I also found this option that apparently fixes the problem by changing the sbat policy using mokutil. But I haven't tried it out yet. Has anyone got any luck with something else besides disabling secure boot?

[–] possiblylinux127@lemmy.zip 7 points 3 months ago

Windows into a VM

[–] JasonDJ@lemmy.zip 10 points 3 months ago

They had to know this would happen, right?

Like, they didn't think to test with a dual booting system? Wtf?

Where do they even get off fixing a bug in grub?

[–] possiblylinux127@lemmy.zip 6 points 3 months ago

I'm sure it was a terrible misunderstanding.

Anyway they are only hurting themselves.

[–] laurelraven@lemmy.blahaj.zone 5 points 3 months ago

It ain't done til GRUB don't run?

load more comments
view more: next ›