Important Information for Sage 50 - U.S. Edition Folder Permissions

All Windows 7/Windows Server 2008 R2 Users for all versions of Sage 50 US through 2018.2 (expected to release March 2018):

During the installation process, users of Windows 7 and Windows Server 2008 R2 had permissions applied to some installation folders that have now been identified as posing a potential security risk. We have created a utility, which must be run on all Windows 7/Windows Server 2008 R2 computers with Sage 50 installed, that will adjust those permissions to address this potential security risk. You will need to re-run the utility any time you install a new release version of the product (e.g., users with a 2017 version of any kind will need to run the utility if they update to a 2018 version; updates within versions, such as an update from 2018.1 to 2018.2, will not require running the utility. In certain instances, it may be preferable to manually set permissions on the Sage 50 program path folders as an alternative to running the utility. Please follow KB 89438 for instructions on accessing and running this utility, as well as manually setting folder permissions.

For this security risk to be exploited, an unauthorized user would need to have access to either your computer or to your local area network.

All Network/Multi-User Installations (including Windows 7/Windows Server 2008 R2) for all versions of Sage 50 US through 2018.2 (expected to release March 2018): 

In addition, it has been brought to our attention that granting full permission of shared data files to the group "EVERYONE" presents a potential security risk. To ensure proper operation:

  • Only the groups "SYSTEM" and "Administrators" should be given "Full Control" on both the "Sharing Permissions" and "Security" tabs on the shared folder. Note: By default Windows gives the group "EVERYONE" read access, which should not be changed.
  • If you do not wish to use these groups, the specific Windows user names for each user may be substituted.
  • Be sure to contact your system administrator for assistance as modifying Windows security incorrectly can severely affect system operations.
  • Please reference KB 10211 for more information. 

For this security risk to be exploited, an unauthorized user would need to have access to either your computer or to your local area network.

Important: Failure to update your folder permissions exposes your information to increased security risks. Sage advises all users to make the modifications described above as soon as possible.  

Sage would like to thank Ken Pyle, DFDR Consulting at consult@dfdrconsulting.com, for bringing this potential security vulnerability to our attention.

To learn more about how security issues for file and folder permissions work, please see this article from Microsoft.

If you have any questions, please contact Sage Customer Support by chatting with us or calling us at 1-866-747-3888.

For tips to be sure you are contacting "the real Sage" for software assistance, please reference the Sage City post.

Anonymous