[SCHiM]

It's quite a painful split that Microsoft is in given their commitment to backwards compatibility.

The exploit can still be deployed by malicious actors on patched devices because they can bring old vulnerable signed bootloaders. And roll back any applied patches.

These old signed bootloaders could technically by revoked, but if Microsoft does that then all old backups, possibly going back years, will no longer boot when restored. I can imagine there's many hundreds of thousands of backups that would then be silently broken. Imagine you find that out when you restore after a disaster...

[formerly_proven]

Didn’t Microsoft do this already? I recall a Windows update blacklisting vulnerable Linux bootloaders in UEFI.

KB5012170

So if they don’t blacklist vulnerable ntldrs, it’d be clear evidence of unequal treatment.

[wkat4242]

I bet they are a lot more inclined to blacklist old Linux bootloaders than Windows ones, precisely because of this backup restore thing that the OP mentioned. They'll get the support burden if nothing else.

[aaronmdjones]

They won't boot immediately, but they can be trivially made to boot again by simply updating the Microsoft bootloader files on the EFI System Partition. You can even script this for PXE execution.