Action Required: Important Update to QuickBooks Desktop
Intuit has identified, and is implementing an update to address a security vulnerability in QuickBooks desktop software. This has no impact on QuickBooks Desktop for Mac or QuickBooks Online.
For supported versions of QuickBooks desktop, Intuit has begun the process of proactively notifying customers of the steps required to install an update, which is designed to address the security vulnerability.
The update includes password controls to verify that the person attempting to access an account is authorized. Intuit expects all customers to install the necessary security updates.
All users who have the "credit card protection" feature on, or have credit card data in their QuickBooks company file, will be asked to set up a password.
Furthermore, the administrator account holder will be notified if users have not set up a password. This will give the administrator account holder the ability to recommend that users create a password, or to assign a password directly to these users. This will enable you to enhance security by requiring that all users with access to the system use appropriate security credentials.
Customers using QuickBooks in multi-user mode will need to ensure that all users are on a supported version of QuickBooks and have installed the security update in order to address the security vulnerability.
- Open QuickBooks, click Help > Update QuickBooks.
- In the Overview tab, click Update Now.
- In the Update Now tab, make sure you have a check mark next to Maintenance Releases and Critical Fixes.
- Click Get Updates to start the download.
- Restart QuickBooks, when the download has completed, to complete the update installation
- With QuickBooks open, press the F2 key (or Ctrl 1) on your keyboard to open the Product Information Window.
- The second line Product number shows the product number and release.
- For QuickBooks 2013/Enterprise 13, the release should show R18_4. Anything less than R18 does not contain the fix. Anything less than 4 does not contain the fix.
- For QuickBooks 2014/Enterprise 14, the release should show R11_36. Anything less than R11 does not contain the fix. Anything less than 36 does not contain the fix.
- For QuickBooks 2015/Enterprise 15, the release should show R9_60. Anything less than R9 does not contain the fix. Anything less than 60 does not contain the fix.
- For QuickBooks 2016/Enterprise 16, the release should show R5_48. Anything less than R5 does not contain the fix. Anything less than 48 does not contain the fix.
Intuit also wants to remind customers of precautions that they should always take to protect their accounts and data. These include:
All customers should set up a password for their QuickBooks desktop file, if they don’t already have one.
Customers should choose a strong user name and password. Use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.
Customers should protect all personal information. Never give out a user name or password and make sure to use different passwords for each account.
We recommend that all customers upgrade to most recent version, QuickBooks Desktop 2016.
We recommend that customers use secure methods, such as the Accountant's Copy File Transfer (ACFT) service, when sharing QuickBooks files.
To protect yourself from phishing and other social engineering attacks, don’t open suspicious emails or email attachments.
For more information, please visit https://community.intuit.com/articles/1370759-quickbooks-desktop-security-information.