UPDATED 13:00 EST / JULY 29 2020

SECURITY

Newly discovered Linux and Windows vulnerability opens the door to hackers

A newly discovered serious vulnerability that affects most Linux and Windows installations, including servers, lets attackers bypass Secure Boot and seize control of a machine before its operating system has even loaded.

Discovered by security researchers at enterprise device security firm Eclypsium Inc. and revealed today, the “BootHole” vulnerability (tracked as CVE-2020-10713) resides in the GRUB2 bootloader used by most Linux systems. GRUB2, the current version of GNU GRUB, is one of the first pieces of software to run when a computer starts: the system firmware hands control to it (on Secure Boot systems usually via a small signed loader called shim), and GRUB2 in turn loads the operating system kernel and transfers control to it.

BootHole is a buffer overflow in the way GRUB2 parses its configuration file, grub.cfg, which is ordinarily not signed even though the GRUB2 binary itself is. An attacker who can modify that file, which in practice means root or administrator privileges on the running system or physical access to the boot disk, gains arbitrary code execution during the boot process, even when Secure Boot is enabled. Attackers exploiting the flaw are said to be able to install persistent and stealthy bootkits or malicious bootloaders that run before the kernel does and could give them near-total control over the victim device.
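The flaw is a bug-class problem rather than an exotic one: a token in grub.cfg longer than the lexer's internal buffer overruns that buffer. As an added illustration of that class, the C program below (example code written for this page, not GRUB's lexer; TOKEN_CAP and GUARD_LEN are made-up sizes, and the long run of 'A' characters is constructed input) shows a naive fixed-buffer token copy overflowing into the bytes that follow it, next to a bounded version that rejects the oversized token outright, which is the behaviour a parser that runs before the kernel needs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative sizes; GRUB's real buffer sizes and lexer differ (assumption for the demo). */
#define TOKEN_CAP 64   /* fixed-size token buffer a naive config parser might use */
#define GUARD_LEN 64   /* bytes placed directly after it so an overflow can be observed safely */

/* Length of the first whitespace-delimited token in a config line. */
static size_t first_token_len(const char *line) {
    size_t n = 0;
    while (line[n] != '\0' && line[n] != ' ' && line[n] != '\t' && line[n] != '\n')
        n++;
    return n;
}

/* VULNERABLE pattern: copy the token into a fixed buffer with no length check.
   A token longer than the buffer overwrites whatever follows it in memory. */
static void copy_token_unbounded(char *dst, const char *line) {
    size_t i;
    for (i = 0; line[i] != '\0' && line[i] != ' ' && line[i] != '\t' && line[i] != '\n'; i++)
        dst[i] = line[i];
    dst[i] = '\0';
}

/* HARDENED pattern: refuse an oversized token instead of truncating or overflowing.
   Returns the token length, or -1 if the token plus its NUL would not fit in cap bytes. */
static long copy_token_bounded(char *dst, size_t cap, const char *line) {
    size_t n = first_token_len(line);
    if (n >= cap)
        return -1;
    memcpy(dst, line, n);
    dst[n] = '\0';
    return (long)n;
}

/* Constructed sample input: a config line whose first token is n bytes of 'A'. */
static char *make_long_token_line(size_t n) {
    char *line = malloc(n + 2);
    if (!line) return NULL;
    memset(line, 'A', n);
    line[n] = '\n';
    line[n + 1] = '\0';
    return line;
}

/* Feed an n-byte token to the vulnerable copy. The token buffer is the first TOKEN_CAP bytes
   of a single TOKEN_CAP + GUARD_LEN allocation, so the overflow lands in guard bytes we own
   (well-defined for the demo) and can be counted. Returns guard bytes clobbered, 0 if none. */
size_t clobbered_by_unbounded_copy(size_t n) {
    if (n >= TOKEN_CAP + GUARD_LEN)
        return (size_t)-1;          /* would leave our allocation; the demo refuses */
    char *line = make_long_token_line(n);
    unsigned char *block = malloc(TOKEN_CAP + GUARD_LEN);
    if (!line || !block) { free(line); free(block); return (size_t)-1; }
    memset(block, 0, TOKEN_CAP);
    memset(block + TOKEN_CAP, 0xAA, GUARD_LEN);   /* stand-in for whatever sits after the buffer */
    copy_token_unbounded((char *)block, line);
    size_t clobbered = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (block[TOKEN_CAP + i] != 0xAA)
            clobbered++;
    free(block);
    free(line);
    return clobbered;
}

/* Feed an n-byte token to the hardened copy with a TOKEN_CAP buffer: returns n, or -1 if rejected. */
long bounded_copy_result(size_t n) {
    char buf[TOKEN_CAP];
    char *line = make_long_token_line(n);
    if (!line) return -1;
    long r = copy_token_bounded(buf, sizeof buf, line);
    free(line);
    return r;
}

/* Parse the first token of a realistic line with the hardened routine and compare it. */
int first_token_equals(const char *line, const char *expected) {
    char buf[TOKEN_CAP];
    if (copy_token_bounded(buf, sizeof buf, line) < 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void) {
    printf("10-byte token, unbounded copy: %zu guard bytes clobbered\n", clobbered_by_unbounded_copy(10));
    printf("64-byte token, unbounded copy: %zu guard byte clobbered (the NUL)\n", clobbered_by_unbounded_copy(64));
    printf("84-byte token, unbounded copy: %zu guard bytes clobbered\n", clobbered_by_unbounded_copy(84));
    printf("84-byte token, bounded copy: %ld (rejected)\n", bounded_copy_result(84));
    printf("first token of sample line is 'linux': %d\n",
           first_token_equals("linux /vmlinuz root=/dev/sda2 ro", "linux"));
    return 0;
}
```

The overflow is observed inside one allocation so the demo itself is well-defined; in a real bootloader the clobbered bytes would be whatever the linker placed after the buffer, which is what turns a parser bug into code execution. The 64-byte case is worth a look: the token fits but its terminating NUL does not, the classic off-by-one that a bound of `n >= cap` rather than `n > cap` catches.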

The vulnerability is also said to affect systems that use Secure Boot but do not boot with GRUB2. Secure Boot trusts any bootloader signed by a certificate in the firmware's allow-list, regardless of which loader the installed operating system actually uses, so an attacker can bring a signed but vulnerable GRUB2 along and boot it on such a machine. Nearly all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. GRUB2 also boots other operating systems, kernels and hypervisors such as Xen, so those deployments are exposed too.

It gets worse yet: The researchers said the vulnerability extends to any Windows device that uses Secure Boot with the standard Microsoft Corp. Third Party UEFI Certificate Authority. That CA signs the shim loaders that Linux distributions ship, so firmware that trusts it will also run a vulnerable GRUB2 that an attacker drops onto a Windows machine's boot partition. “Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries,” the researchers said.

Eclypsium has already contacted operating system providers and computer manufacturers. Mitigation requires two things: new bootloaders with the fix must be signed and deployed, and the vulnerable bootloaders must be revoked so that an adversary cannot simply bring an older signed copy. On UEFI systems revocation means adding the old loaders' signatures or hashes to the firmware's forbidden-signature database (dbx), and that is the hard part: a dbx update that blocks a shim still present on a machine's disk, recovery partition or installation media leaves that media unbootable, so the fixed bootloaders have to be in place everywhere before the revocation is pushed. “This will likely be a long process and take considerable time for organizations to complete patching,” the researchers noted.
