Intuit has issued an advisory warning of a security problem in some versions of its QuickBooks software that could allow hackers to access a users computer.
The vulnerability is through Microsofts ActiveX technology. Steve Seidenberg, a financial information consultant at Chicago-area accounting firm Porte Browns technology solutions unit, noted that the vulnerability is for users who are on QuickBooks Pro or Premier 2006 or QuickBooks Enterprise 6.0 and earlier. These versions are not supported by Intuit and therefore Intuit recommends upgrading to a supported version to remedy this issue, he said.
The security vulnerability has been corrected. Like all reputable software companies, we issue security patches and advisories, as a matter of course, when we find any sort of vulnerability, said a statement forwarded by Intuit spokesman Rich Walker. Our engineers and security team recently discovered and corrected an ActiveX issue that affected QuickBooks. ActiveX is a distributed object system and protocol technology developed by Microsoft. Many software and Web companies use ActiveX in their offerings. On learning about the issue, Intuit fixed the problem, tested the fixes within the identified versions of the software, and released updates that will address the vulnerabilities. To our knowledge, no customers were affected.
QuickBooks Pro and Premier 2010 and QuickBooks Enterprise 10.0, released in September 2009, have also corrected the issue, Seidenberg noted. He advised that in QuickBooks Pro and Premier 2007 or QuickBooks Enterprise 7.0 and greater, users can press the F2 key to verify the version and release number. If the release number is lower than the release number listed below, users can run the QuickBooks update program manually by selecting Help, Update QuickBooks, and pressing the Update Now button.
Product | Release # |
Pro/Premier 2007 | R13 |
| R13 |
Pro/Premier 2008 | R10 |
| R10 |
Pro/Premier 2009 | R8 |
| R8 |