QuickBooks Desktop Security Threat Update
Description: Intuit has identified, and is implementing an update to address a security vulnerability in QuickBooks desktop software. This has no impact on QuickBooks Online.
Detailed Instructions: For supported versions of QuickBooks desktop, Intuit has begun the process of proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability.
- The update includes password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
- All users who have the “credit card protection” feature on, or have credit card data in their QuickBooks company file, will be asked to set up a password.
- Furthermore, the administrator account holder will be notified if users have not set up a password. This will give the administrator account holder the ability to recommend that users create a password, or to assign a password directly to these users. This will enhance security by requiring that all users with access to the system use appropriate security credentials.
- Customers using QuickBooks in multi-user mode will need to ensure that all users are on a supported version of QuickBooks and have installed the security update in order to address the security vulnerability.
To make sure that you are running the latest version perform the following steps:
- Open QuickBooks, click Help > Update QuickBooks.
- In the Overview tab, click Update Now.
- In the Update Now tab, make sure you have a check mark next to Maintenance Releases and Critical Fixes.
- Click Get Updates to start the download.
- Restart QuickBooks, when the download has completed, to complete the update installation
More information on updating QuickBooks by this and alternative means is available here.
To verify that you have updated to include the new security features perform the following:
- With QuickBooks open, press the F2 key(or Ctrl 1) on your keyboard to open the Product Information Window.
- The first line Productshows your current version and your current release.
- For QuickBooks 2014/Enterprise 14 the release should show R11P, while for QuickBooks 2016/Enterprise 16 the release should show R5P +U#####
As per industry best practices, non-supported versions of QuickBooks desktop do not receive updates (QuickBooks desktop 2012 and earlier are unsupported). Customers using non-supported products are encouraged to upgrade to QuickBooks desktop 2016, the most current version. Customers who continue to use older, unsupported versions of QuickBooks desktop, could be putting their data at risk.
Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:
- All customers should set up a password for their QuickBooks desktop file, if they don’t already have one.
- Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
- Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
- We recommend that all customers upgrade to most resent version, QuickBooks desktop 2016.
- We recommend that customers use secure methods, such as the Accountant’s Copy File Transfer (ACFT) service, when sharing QuickBooks files.
- To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.
At Intuit, we are committed to giving you the tools to protect your QuickBooks data. Thank you for taking action to apply the security fixes to your company file.
IPD for QBDT 2016 R5 customers (patch already installed)