QuickBooks™ Desktop Security Threat Update
Description: Intuit has identified, and is implementing an update to address a security vulnerability in QuickBooks™ desktop software. This has no impact on QuickBooks™ Online.
Detailed Instructions: For supported versions of QuickBooks™ desktop, Intuit has begun the process of proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability.
- The update includes password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
- All users who have the “credit card protection” feature on, or have credit card data in their QuickBooks™ company file, will be asked to set up a password.
- Furthermore, the administrator account holder will be notified if users have not set up a password. This will give the administrator account holder the ability to recommend that users create a password, or to assign a password directly to these users. This will enhance security by requiring that all users with access to the system use appropriate security credentials.
- Customers using QuickBooks™ in multi-user mode will need to ensure that all users are on a supported version of QuickBooks™ and have installed the security update in order to address the security vulnerability.
To make sure that you are running the latest version perform the following steps:
- Open QuickBooks™, click Help > Update QuickBooks™.
- In the Overview tab, click Update Now.
- In the Update Now tab, make sure you have a check mark next to Maintenance Releases and Critical Fixes.
- Click Get Updates to start the download.
- Restart QuickBooks™, when the download has completed, to complete the update installation
More information on updating QuickBooks™ by this and alternative means is available here.
To verify that you have updated to include the new security features perform the following:
- With QuickBooks™ open, press the F2 key(or Ctrl 1) on your keyboard to open the Product Information Window.
- The first line Productshows your current version and your current release.
- For QuickBooks™ 2014/Enterprise 14 the release should show R11P, while for QuickBooks™ 2016/Enterprise 16 the release should show R5P +U#####
As per industry best practices, non-supported versions of QuickBooks™ desktop do not receive updates (QuickBooks™ desktop 2012 and earlier are unsupported). Customers using non-supported products are encouraged to upgrade to QuickBooks™ desktop 2016, the most current version. Customers who continue to use older, unsupported versions of QuickBooks™ desktop, could be putting their data at risk.
Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:
- All customers should set up a password for their QuickBooks™ desktop file, if they don’t already have one.
- Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
- Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
- We recommend that all customers upgrade to most resent version, QuickBooks™ desktop 2016.
- We recommend that customers use secure methods, such as the Accountant’s Copy File Transfer (ACFT) service, when sharing QuickBooks™ files.
- To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.
At Intuit, we are committed to giving you the tools to protect your QuickBooks™ data. Thank you for taking action to apply the security fixes to your company file.
IPD for QuickBooks™ DT 2016 R5 customers (patch already installed)