Dual-Boot Systems Issue with Linux Booting After Installing August 2024 Windows Security Update. The Windows security update released on August 13, 2024 (KB5041585) may cause problems for users with a dual-boot setup for Windows and Linux. Specifically, it can prevent Linux from booting correctly.
Microsoft has released the August 2024 patches, including Windows 11 updates KB5041585 and KB5041592 and the KB5041580 patch for Windows 10. A Windows security update is a patch or fix Microsoft releases to address vulnerabilities and issues in the Windows operating system.
The August 2024 Windows security update includes a Secure Boot Advanced Targeting (SBAT) feature to enhance security by blocking outdated and vulnerable boot managers.
In this post, you will find all the details about the issue with Linux booting. We will cover how the update can affect your dual-boot setup, the specific errors you might encounter, and possible solutions to address these problems.
Table of Contents
What is SBAT?
SBAT is a Secure Boot Advanced Targeting. It is a security feature that helps protect Windows systems by blocking outdated and vulnerable Linux EFI (Shim bootloaders) from running.
Dual-Boot Systems Issue with Linux Booting after Installing Windows Security Updates
This issue originates from OS Build 22621.4037, associated with update KB5041585, released on August 13, 2024. The status was confirmed and documented on August 21, 2024, at 18:33 PT, with the last update recorded simultaneously.
- Windows 11 Version Numbers Build Numbers Major Minor Build Rev
- Updated Windows 11 End-of-Life Dates
- Best Guide to Remove Windows Update Features Access with Intune
Secure Boot Advanced Targeting SBAT
The August 2024 security update introduces Secure Boot Advanced Targeting (SBAT) and affects Linux Extensible Firmware Interface (EFI). It applies SBAT to Windows systems to block outdated Linux EFI (Shim bootloaders) from running.
It should not affect systems that run both Windows and another operating system, like Linux. However, sometimes, the update mistakenly applies to these dual-boot systems. This can cause problems starting Linux and show errors related to Secure Boot.
The update should not apply to dual-boot systems with Windows and Linux, but older Linux ISO images might fail to boot if it does. In such cases, contact your Linux vendor for an updated ISO image.
Workaround
If you have not rebooted your device after installing the August 2024 update, you can use the opt-out registry key to prevent the update from being applied. This will stop the update from being installed, and you can delete the registry key later if you decide to install future SBAT updates.
- Manage Automatic Drivers Installation with Windows Updates in Windows 11
- Windows 10 Version Numbers Build Numbers Major Minor Build Rev
- Updated Windows 10 End of Life Dates
Registry Modification Instructions
This documentation includes instructions for modifying the registry. Before making any changes, ensure you back up the registry to prevent potential issues. The table summarizes the steps for backing up and restoring the registry manually.
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
Back Up the Registry Manually | Restore a Manual Backup |
---|---|
1. Select Start, type regedit.exe in the search box, and press Enter. If prompted, provide an administrator password or confirmation. | 1. Select Start, type regedit.exe, and press Enter. If prompted, provide an administrator password or confirmation. |
2. In Registry Editor, locate and click the registry key or subkey you want to back up. | 2. In Registry Editor, select File > Import. |
3. Select File > Export. | 3. In the Import Registry File dialog box, locate the backup file you saved, select it, and click Open. |
4. In the Export Registry File dialog box, choose the location to save the backup, type a name for the backup file, and select Save. |
Affected Platforms
Let’s discuss the affected platforms related to the issue with Linux booting after installing the August 2024 Windows security update. The following table provides more detailed information about the specific Windows versions and server editions impacted by this issue.
Versions | Server |
---|---|
Windows 11, version 23H2 Windows 11, version 22H2 Windows 11, version 21H2 Windows 10, version 22H2 Windows 10, version 21H2 Windows 10 Enterprise 2015 LTSB | Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 |
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.