I think they demonstrated an answer this morning as everything seemed to turn to KAKA. 

From what I've read they merely have to update log4j and/or change a parameter.  Perhaps they will notify us when that is fixed?  Or not.  Keeping us informed on their operations isn't exactly something they do, until too many people speak up.  And I'm sorry if I hurt anyone's feelings, but most tax preparers are in the dark on this one!  Hopefully they have IT people in their organization keeping track of these things!

Hi there, 

I took a look into this for you and was able to find an article on the steps Intuit is taking in regards to this. 

Addressing the potential impact of the Log4j vulnerability for the industry, and Intuit 

Hope that helps!

-Betty Jo 

Thanks Betty Jo.

Honestly, it doesn't really help much at all, except to let me know that Intuit now knows it's an issue.  

The Blog post you directed me to should be streaming into the Lacerte Notifications!

Intuit should have already evaluated what exposure we have and notified us.  Should we not use Lacerte while connected to the internet?  How vulnerable is our data?  Or wouldn't it just be easier for Intuit to update log4j and be done with it?  

On second thought Betty Jo, that helped more than I thought.  Intuit's actions over these many years have always indicated, while stating how much they care about their customers and their data, that their actions probe otherwise.  They only do what they have to for their bottom line, lie to their customers, and hide the truth.  "Fire your accountant.  You don't need them anymore" - QuickBooks    "Free, Free, Free"  - TurboTax

The tax planning program is the one that has log4.jar installed.

I have also been trying for weeks to get anything out of Intuit about Log4j but it appears as though they are not doing anything about it.  Tax Planner has 2.x but Lacerte Tax has 1.x.

I've called support numerous times and reached out to every account rep I have.  No one has provided anything other than the boilerplate response they gave back on 12/15 that states they "take security seriously."

Clearly they don't take security seriously as customers everywhere are running Lacerte and Tax Planner installations that are vulnerable and Intuit is doing nothing about it.

All other vendors we work with specifically addressed this weeks ago.

Betty Jo, where is Intuit on this issue?????

Any updates on this?

Nothing but silence from Intuit.  If they weren't affected, you can be sure they would publicly state so.

Intuit customers should be asking their reps about this.