QuickBooks™ Desktop Security Threat Update

Description: Intuit has identified, and is implementing an update to address a security vulnerability in QuickBooks™ desktop software. This has no impact on QuickBooks™ Online.

Detailed Instructions: For supported versions of QuickBooks™ desktop, Intuit has begun the process of proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability.

  • The update includes password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
  • All users who have the “credit card protection” feature on, or have credit card data in their QuickBooks™ company file, will be asked to set up a password.
  • Furthermore, the administrator account holder will be notified if users have not set up a password. This will give the administrator account holder the ability to recommend that users create a password, or to assign a password directly to these users. This will enhance security by requiring that all users with access to the system use appropriate security credentials.
  • Customers using QuickBooks™ in multi-user mode will need to ensure that all users are on a supported version of QuickBooks™ and have installed the security update in order to address the security vulnerability.

To make sure that you are running the latest version perform the following steps:

  1. Open QuickBooks™, click Help > Update QuickBooks™.
  2. In the Overview tab, click Update Now.
  3. In the Update Now tab, make sure you have a check mark next to Maintenance Releases and Critical Fixes.
  4. Click Get Updates to start the download.
  5. Restart QuickBooks™, when the download has completed, to complete the update installation

More information on updating QuickBooks™ by this and alternative means is available here.

To verify that you have updated to include the new security features perform the following:

  1. With QuickBooks™ open, press the F2 key(or Ctrl 1) on your keyboard to open the Product Information Window.
  2. The first line Productshows your current version and your current release.
  3. For QuickBooks™ 2014/Enterprise 14 the release should show R11P, while for QuickBooks™ 2016/Enterprise 16 the release should show R5P +U#####

As per industry best practices, non-supported versions of QuickBooks™ desktop do not receive updates (QuickBooks™ desktop 2012 and earlier are unsupported). Customers using non-supported products are encouraged to upgrade to QuickBooks™ desktop 2016, the most current version. Customers who continue to use older, unsupported versions of QuickBooks™ desktop, could be putting their data at risk.

Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:

  • All customers should set up a password for their QuickBooks™ desktop file, if they don’t already have one.
  • Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
  • Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
  • We recommend that all customers upgrade to most resent version, QuickBooks™ desktop 2016.
  • We recommend that customers use secure methods, such as the Accountant’s Copy File Transfer (ACFT) service, when sharing QuickBooks™ files.
  • To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.

At Intuit, we are committed to giving you the tools to protect your QuickBooks™ data. Thank you for taking action to apply the security fixes to your company file.

IPD

IPD for QuickBooks™ DT 2016 R5 customers (patch already installed)


Comments(0)

  1. Please Login to Add your Comments.

Add a Comment | Cancel