They updated the system key store to invalidate known vulnerable boot configurations. One of those configurations was old versions of Grub, which had a pre-boot exploit a couple of years ago.
The issue has already been patched for years, but it appears some Linux distros never bothered to update their system configuration. Not sure if this is a shortcoming of Grub or one of the distro maintainers that were affected, though.
In fact, Microsoft tried to not apply this patch on dual boot systems, leaving them vulnerable but working, but clearly their detection failed. I think their detection required chainloading the Windows bootloader or something?
Either way, the only Linux file that Windows will ever touch with updates is the “fallback for when the boot configuration is completely fucked” bootloader, which both Linux and Windows overwrite after installation, incase the boot configuration gets completely fucked. If you’re relying on that bootloader, you were always going to get fucked by some update eventually; either your installation failed or your motherboard is broken.