Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.”
The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.
https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/
Dan Goodin /
npub1z3…8qvzu
2024-08-21 01:08:09
Author Public Key
npub1z3lwfekw80j4ngzg6ky3ks202xr6uwnd4jttxzsd4euc9l55euvq48qvzuPublished at
2024-08-21 01:08:09Event JSON
{
"id": "e0008347d57e7216175016f3db23649123b08994bbb532a1912da9abc6a7b81b",
"pubkey": "147ee4e6ce3be559a048d5891b414f5187ae3a6dac96b30a0dae7982fe94cf18",
"created_at": 1724202489,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@dangoodin/112997334356114919",
"web"
],
[
"proxy",
"https://infosec.exchange/users/dangoodin/statuses/112997334356114919",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/dangoodin/statuses/112997334356114919",
"pink.momostr"
],
[
"-"
]
],
"content": "Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.”\n\nThe cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday.\n\nhttps://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/",
"sig": "def62df25bebb558369f0cc578d1222459edba1622a799918f551d92bfc755da4f35b86723c49804b8d991c0721ac34b3fdee19d2cd48208427ca9f6b4ffe9bd"
}