Need to block files by extension more urgent now - QuickBooks & MSIE

  • 26 April 2019
  • 1 reply

A new exploit has been discovered in Microsoft Internet Explorer 11 which allows .MHT files to be used for malicious purposes. This Forbes article explains that Microsoft has shown no interest in fixing it. Article linked here:

Since MSIE has become an obsolete browser, this may not seem like a pressing issue, but some widely used programs, such as QuickBooks for Windows, REQUIRE MSIE 11 to be installed and operational in order for QuickBooks to function. In mid-2008, Intuit claimed that QuickBooks had 3.7 million users, representing 94.2% of the business accounting market. Maybe Intuit shouldn't have made QB dependent on MSIE, but they did, and millions of QB users out there are stuck with a requirement to maintain an active copy of an insecure MSIE browser on their systems. So, even if they would love to get rid of MSIE, they can't.

I checked the file requirements of QuickBooks, and the list does not include .MHT files. So QB would remain fully functional if users could use Webroot to selectively block .MHT files.

As far as justifying the effort to add this feature, Webroot might consider that this new feature would be appealing to millions of QB users out there who are stuck with a requirement to retain MSIE 11. This is true even with the latest version of QB, QB 2019. Perhaps Webroot could even persuade Intuit to agree to a joint promotional campaign where Intuit presents Webroot to its users as a security solution.

1 reply

You would be surprised by how much legitimate software uses MHT files. They are super dangerous and always have been. You don't need to block them if you can detect malicious scripts. The dangerous code within them is no different than a malicious website, VBS, or PowerShell script. As long as Webroot can detect the attack coming out of the script, then you don't need to block a whole file type. Some people do try to block BAT, CMD, PS1, VBS, etc., but eventually you will need to block EXE because those are dangerous. What we really need is behavior analytics that can detect suspicious behavior coming from ANY source.