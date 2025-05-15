It is known that Patch Tuesday updates can often lead to big issues and something just like that happened last year in August. The security update had broken dual-booting Windows 11 and Linux systems as GNU distros like Debian, Ubuntu, Linux Mint, Zorin OS, Puppy Linux, were all affected.

A couple of days later, Microsoft provided a slightly lengthy workaround that involved tweaking around with policies and the Registry in order to fix the problem. The company also explained that the root of the issue was a buggy SBAT (Secure Boot Advanced Targeting) implementation in the Windows 11 August Patch Tuesday KB5041585.

For those who may be wondering, SBAT helps block outdated and potentially vulnerable bootloaders by checking the Secure Boot DBX. The Secure Boot DBX is a database of blacklisted UEFI executables. Microsoft explained:

After installing the August 2024 Windows security update, (KB5041585) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.” The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

The problem has been resolved this week with the latest May 2025 Patch Tuesday under KB5058405. This also happens to coincide with the first Windows 11 Hotpatch update.