No, This is a Microsoft Vulnerability, Not 'Linux' (and We Have Microsoft Garrett to Thank)
Microsoft and Linux are opposites. Don't be easily misled by the Linux Foundation et al. Microsoft pays them to play along and demonise the victims, so blame gets shifted to counterparts or those who merely take advantage of Microsoft's holes because racism is more powerful than facts.
THE above report - one of several that badmouth "Linux" - seems like another case of deja vu; it happens almost every year and we have Microsoft to 'thank' for it. Or its foot-soldiers, notably Matthew J Garrett, who attacked BSD and GNU/Linux users over a decade ago (next month it'll be 10 years since the FSF, an opponent of it, foolishly awarded the person who did this and would spend the next decade attacking the FSF). We're talking about stubborn minds here, still failing to admit it was a mistake and that we were right about it being used to lock GNU/Linux out (Lenovo does this already, as was foreseen since 2012 and expected all along; it prohibits anything but Windows on some models, based of fake claims of "security"). The people responsible for this deliberate mess have fled the scene. Not even maintaining the thing anymore! Microsoft Windows TCO is what's at stake here, not Linux. Microsoft employees like Mr. Lennart Poettering take this abomination even further by removing alternatives and adding TPM (better marketed back door-enabling frameworks, newer buzzwords too). The future, in their eyes, is another Windows NT, not GNU/Linux, and this time locked down, controlled remotely by companies like their employer (Microsoft).
"It's not like you and others have not warned about UEFI etc for many years and that is far from the first such incident," a reader told me about the above. "This is not a Linux problem but one directly from Redmond."
"Also, there have been a lot of articles recently which point out that Microsoft has been able to grow the ransomware problem from a fringe cottage industry into a monster with more than $1.1 billion per year revenue."
Microsoft profits from its own security mess; some victims pay the culprit some money, based on ridiculous misinformation such as this, wherein the author misrepresents Microsoft as an authority on computing and security.
Remember that the person who gave "you" (Microsoft) shim has no background in computer science, so he's in effect more like a mule or a hobbyist, akin to people who pretend to be physicians (but aren't qualified and give terrible health advice). █
Entryism remains a very big problem that persists even inside former rivals.