In case you didn’t see the news… only impacts the online version….
This threat is well mitigated by the fact that everytime you log into Quickbooks Online Edition and there is an update to the Active-X control it’s a mandatory update and happens automatically. Since this flaw isn’t present in the current version anyone actually using the product shouldn’t be effected. In my estimation the only people potentially volunerable would be those who have used it in the past but aren’t using it now. Those folks should uninstall the old control. In IE7 the location to do so, is Tools\Manage Add-Ons\Enable or Disable Add-Ons. Once here change the drop down menu to Installed Active-X controls and delete the old Quickbooks control. If you happen to decide to log into Quickbooks again in the future, it will automatically install the newest version for you.
But if you are a CPA firm with few clients on the online version and only log in occasionally you could find yourself with that active X on your system and not realize that it now needs an update.
Scanning systems for third party non MS software with security issues is getting worse, not better IMHO.
Those same CPA firms have other problems too.Typically you guys run old versions of various software packages that are never updated and are swiss cheese with holes that won’t be patched. I think you have one of the more difficult security scenarios and the regulatory nightmare to go with it.
Ordinary customers of quickbooks online won’t be exposed to this problem.