Intuit has identified and is implementing an update to address a security vulnerability in QuickBooks Desktop software. This does not impact QuickBooks Online. Users of 2014 and 2016 supported versions of QuickBooks desktop and QuickBooks Enterprise should soon be receiving an email notification from Intuit with information, similar to that shown below, outlining the steps required to install an update which is designed to address the security vulnerability.
The update includes:
- Password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
- All users who have the "credit card protection" feature on, or have credit card data in their QuickBooks company file, will be asked to set up a password.
- Furthermore, the administrator account holder will be notified if users have not set up a password. This will give the administrator account holder the ability to recommend that users create a password, or to assign a password directly to these users. This will enhance security by requiring that all users with access to the system use appropriate security credentials.
- Customers using QuickBooks in multi-user mode will need to ensure that all users are on a supported version of QuickBooks desktop and have installed the security update.
To make sure that you are running the latest version perform the following steps:
- Open QuickBooks, click Help > Update QuickBooks.
- In the Overview tab, click Update Now.
- In the Update Now tab, make sure you have a check mark next to Maintenance Releases and Critical Fixes.
- Click Get Updates to start the download.
- When the download has completed, restart QuickBooks to complete the update installation.
To verify that you have updated to include the new security features perform the following:
- With QuickBooks open, press the F2 key (or Ctrl 1) on your keyboard to open the Product Information Window.
- The first line Product shows your current version and your current release.
- For QuickBooks 2014/Enterprise 14 the release should show R11P, while for QuickBooks 2016/Enterprise 16 the release should show R5P +U#####
As per industry best practices, non-supported versions of QuickBooks desktop do not receive updates (QuickBooks desktop 2012 and earlier are unsupported). Customers using non-supported products are encouraged to upgrade to QuickBooks desktop 2016, the most current version. Customers who continue to use older, unsupported versions of QuickBooks desktop, could be putting their data at risk.
Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:
- All customers should set up a password for their QuickBooks desktop file, if they don’t already have one.
- Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
- Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
- Intuit recommends all customers upgrade to most resent version, QuickBooks desktop 2016.
- Intuit recommends customers use secure methods, such as the Accountant's Copy File Transfer (ACFT) service, when sharing QuickBooks files.
- To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.
Helpful Hint: To turn on the automatic updates feature in QuickBooks desktop so that you automatically receive any future updates when they are released, choose Help > Update QuickBooks. On the Options tab, select Yes for Automatic Update.
Please contact us if you have any questions pertaining to Intuit's security update for QuickBooks Desktop.