- Release of a new ActiveX Security Patch for older versions of QuickBooks
Do I need to install the QuickBooks ActiveX Security Patch?
Following is what the US announced on 26 October. For the UK products, this fix has already been incorporated into the R12 product update. Please install the R12 update if you have not done so to ensure you eliminate this vulnerability.
Here is what the US announced regarding the ActiveX Security update:
We’ve recently released a fix to address a security vulnerability within QuickBooks. The issue was related to the use of ActiveX technology in QuickBooks. On learning about the issue, we fixed the problem, tested the fixes within affected versions of the software, and have released updates that will address the vulnerabilities. We are unaware of any customers affected. This vulnerability does not affect the recently released QuickBooks 2010 in Canada.
Intuit is notifying customers that we have identified, and created a solution for, a potential security vulnerability in some of our QuickBooks desktop software. We know of no cases where someone has taken advantage of this vulnerability. However, if exploited, it could allow a hacker to access the data on your computer. Downloading the update and applying these product updates will eliminate this vulnerability, so it’s important for every customer to install this update.
Two ActiveX controls were affected. These are HtmlHelper.dll and QBInstanceFinder.dll.
QuickBooks 2010 in the U.S. and Canada, released in September 2009, is not affected by this vulnerability.
Affected products:
U.K. Products
- QuickBooks 2008 UK and South Africa (No action required if you are already on R12)
- QuickBooks 2006 UK and South Africa (No action required if you are already on R12)
Canadian Products
English:
- QuickBooks 2009 family of products
- QuickBooks 2008 family of products
- QuickBooks Multicurrency Edition
French:
- QuickBooks 2009
- QuickBooks 2007
U.S. Products
- QuickBooks Simple Start, Pro, Premier and Enterprise – versions 2007 to 2009
What if I’ve uninstalled one of these products and no longer use it? Do I still need the patch?
If you have uninstalled QuickBooks, you should not be exposed to these vulnerabilities. If you have installed multiple versions of QuickBooks, you will be vulnerable if any affected version is still installed. Uninstalling all affected versions of the software will remove the vulnerability from your system. When uninstalling multiple versions, ensure that you uninstall the most recent version of the software last.
How do I check to see that I have R12 installed?
Press F2 to display the Product Information window in QuickBooks. If this update is installed, you'll see Release R12 or higher in the Product line.
What operating systems are supported?
The security patch is available for all operating systems used by affected Intuit applications: Windows XP, Windows Vista, and Windows 2000. Intuit products for Apple MacOS X are not affected.
What if I have multiple Intuit products? Do I need to download and install the patch for each one?
If you have installed more than one affected version of QuickBooks, you should apply an update for each version.
I still have a trial version of QuickBooks installed on my system. Do I still need to apply the security patch?
Yes. If you have any trial versions of QuickBooks installed on your system, you should download and install the security patch.
I only use the Internet on a periodic basis. Do I still need to download the security patch?
Yes. If you installed an affected version of QuickBooks on your computer, the vulnerability poses a security risk regardless of whether you are currently connected to the Internet. We recommend that all affected users download and install the security patch.
How do I ensure that my computer has not already been compromised?
If you have anti-virus software installed and have updates run automatically, the anti-virus software should detect the presence of any malware on your computer. If you want to determine if your computer has malware on it, run a complete scan of your computer using an anti-virus software product.
I’m the administrator of my office network. Some machines have had QuickBooks installed at some point but don’t any longer, and aren’t getting automatic updates. What should I do to secure my network?
If QuickBooks was installed on some computers at some point, and those machines are no longer running QuickBooks and receiving automatic updates, you can secure them by following these steps. (Warning: serious problems might occur if you modify the registry incorrectly. Please consult with an IT administrator or IT personnel before proceeding.)
1. Copy the following text to a file with the “.REG” suffix.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{596801D8-2C9D-4627-9C67-195CB81B655A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{03C3A013-02F2-4e56-87A8-B74A7C5DC75B}]
"Compatibility Flags"=dword:00000400
2. Import this into the registry by double-clicking the .REG file; it will be imported automatically. This will disable the affected ActiveX controls.
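The following is an added example, not part of Intuit's announcement: a read-only PowerShell check an administrator can run after step 2 to confirm that the Compatibility Flags value 0x400 (the ActiveX "kill bit") is set for both CLSIDs from the .REG text. The function name Get-KillBitStatus and the extra Wow6432Node path for 64-bit Windows are assumptions added here; the CLSIDs and flag value are the ones shown in step 1.

```powershell
# Added example: audit the kill bit for the two CLSIDs listed in step 1.
# Read-only; it makes no registry changes.
$Clsids = @(
    '{596801D8-2C9D-4627-9C67-195CB81B655A}',
    '{03C3A013-02F2-4e56-87A8-B74A7C5DC75B}'
)
$KillBit = 0x400   # "Compatibility Flags" value from the .REG text

# The first path is the one on the page. The Wow6432Node path is an
# assumption added for 64-bit Windows, where 32-bit Internet Explorer
# reads its own copy of the key; it is skipped when absent.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitStatus {
    param([string]$Root, [string]$Clsid)

    $key   = "$Root\$Clsid"
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($prop -and $prop.PSObject.Properties['Compatibility Flags']) {
            $flags = $prop.'Compatibility Flags'
        }
    }
    $present = $null -ne $flags
    $shown   = if ($present) { '0x{0:X8}' -f $flags } else { 'missing' }

    [pscustomobject]@{
        Key      = $key
        Flags    = $shown
        # Other bits may be set too, so test the 0x400 bit instead of equality.
        Disabled = $present -and (($flags -band $KillBit) -eq $KillBit)
    }
}

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) { Get-KillBitStatus -Root $root -Clsid $clsid }
}

$results | Format-Table -AutoSize
if (-not $results -or ($results | Where-Object { -not $_.Disabled })) {
    Write-Warning 'Kill bit is not set for every affected control on this machine.'
}
```

A row showing "missing" or Disabled = False means the .REG import did not take effect for that key on that machine.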
What if I use an unsupported version of QuickBooks (2005 or earlier)?
Intuit wants your data to be safe. We recommend you upgrade to a newer version of QuickBooks as soon as possible and follow the instructions to update that version. QuickBooks 2005 and prior versions are no longer supported and Intuit does not release updates for these products.

