Release of a new ActiveX Security Patch for older versions of Quickbooks
QuickBooks ActiveX Security Patch
Last updated: May 31, 2011
Article ID: INF15490
What products are affected?
Quickbooks 2010 in the U.S and Canada, released in September 2009, is not affected by this vulnerability. All UK users should have already their systems secure after the install of the scheduled R12 release.
QuickBooks 2009 family of products
QuickBooks 2008 family of products
QuickBooks Multicurrency Edition
QuickBooks 2009 family of products
QuickBooks 2007 family of products
QuickBooks 2008 UK and South Africa (No action required if you are already on R12)
QuickBooks 2006 UK and South Africa (No action required if you are already on R12)
QuickBooks Simple Start, Pro, Premier and Enterprise – versions 2007 to 2009
Frequently Asked Questions and Answers about these updates
What if I’ve uninstalled one of these products and no longer use it? Do I still need the patch?
If you have uninstalled QuickBooks, you should not be vulnerable to these vulnerabilities. If you have installed multiple versions of QuickBooks, you will be vulnerable if any identified version is still installed. Uninstalling all identified versions of the software will remove the vulnerability from your system. When uninstalling multiple versions, ensure that you uninstall the most recent version of the software last.
How do I download and install the patch?
All users of an identified version of Quickbooks should download the security update. Click here to see how you can download automatic product updates. A patch is also provided on our support site if you can't use your automatic update feature. To download the patch for the canadian versions click here and choose your Quickbooks version. SuccesPME customers can download the patch here. For the UK products, this fix was already included in the R12 patch.
How do I check that the security patch has been applied?
If the security update has been applied, the QuickBooks release level will be updated to the latest version. To get this information, open QuickBooks, and press the F2 key. In the display, you should see the product version information in the first line. Versions of QuickBooks with the updates applied are the following:
QuickBooks 2009 R6
QuickBooks 2008 R8
QuickBooks Multicurrency R24
QuickBooks SuccèsPME 2009 R6
QuickBooks SuccèsPME 2007 R7
QuickBooks (UK) 2006 R12
QuickBooks (UK) 2008 R12
What operating systems are supported?
The security update is available for all operating systems used by any identified versions of the Quickbooks applications: Windows XP, Windows Vista, and Windows 2000. [If you are running Windows 98 or Windows ME, you need to have Internet Explorer 6.0 or later installed before you can install the update. Go to the Internet Explorer 6 Downloads Web page to install a more recent version of IE. ] Note: Intuit products for Apple MacOS X are not affected.
What if I have multiple Intuit products? Do I need to download and install the patch for each one?
If you have installed more than one affected version of Quickbooks, you should apply patches for each version.
I still have a trial version of Quickbooks installed on my system. Do I still need to apply the security patch?
Yes. If you have any trial versions of Quickbooks installed on your system, you should download and install the security patch.
I only use the Internet on a periodic basis. Do I still need to download the security patch?
Yes. If you installed an affected version of Quickbooks on your computer, the vulnerability poses a security risk regardless of whether you are currently connected to the Internet. We recommend that all affected users download and install the security patch.
How do I ensure that my computer has not already been compromised?
If you have anti-virus software installed and have updates run automatically, the anti-virus software should detect the presence of any malware on your computer. If you want to determine if your computer has malware on it, run a complete scan of your computer using an anti-virus software product.
I’m the administrator of my office network. Some machines have had QuickBooks installed at some point but don’t any longer, and aren’t getting automatic updates. What should I do to secure my network?
If you’d had QuickBooks installed on some computers at some point, and are no longer running QuickBooks on those machines and receiving automatic updates, you can secure these machines by following these steps:
1. Copy the following text to a file with the “.REG” suffix. Windows Registry Editor Version 5.00
2. Import this into the registry by double clicking on the .Reg file and it will automatically be imported. This will disable the affected ActiveX controls.
What if I use QuickBooks 2007 or a previous version?
Intuit wants your data to be safe. We recommend you upgrade to a newer version of QuickBooks (2008 or later) as soon as possible and follow the instructions to update that version. QuickBooks 2007 and prior versions are no longer supported and Intuit does not release updates for these products.