I blame Linux distributions for not updating when the security vulnerability has been fixed for years a little more than I blame Microsoft for untrusting old vulnerable software versions. That said, failing to figure out if it is dual booting or not when there are multiple ways of doing it was not really a surprise.
(I also remember when some Fedora ISOs were unbootable immediately after release a few years ago for similar issues, they hadn’t updated shim or similar)