Security vulnerability: patch just posted

This is one of the least favorite parts of our jobs. A security vulnerability is found, and it could affect your ProductCart-powered store. It’s the kind of think that makes us sick to our stomach.

This particular vulnerability is not specific to ProductCart. It takes advantage of a flaw in Microsoft Internet Information Service (IIS) version 6 (fixed in IIS v7 and above) to allow a hacker to run a script that has been uploaded to the store by disguising it as an image or other file.

To learn more and address the vulnerability:

  • Log into your store’s Control Panel
  • Click on “Check for Updates” (regardless of whether you are enrolled in the Support & Updates Plan or not: security patches are always available to all users)
  • You will be prompted to download the a file that includes details on the vulnerability and updated files for your store. Please carefully read the document that describes the steps to take.

Unfortunately cybercrime is part of cyperspace just like crime is part of our daily life. At Early Impact, we do our best to write software that is as secure as possible, and to react to any vulnerability as soon as one is found.

Thank you for your attention to this matter.

Best Regards,

The Early Impact Team