Critical Windows Bug Fix: March 20, 2017

Last Updated: Mar 23, 2017 10:04AM EDT


We recently became aware of a strange issue that surfaced ‘out-of-the-blue’ on several ProductCart stores, all hosting in different data centers and using different versions of the software. This is very unusual, since nothing had changed on the ProductCart-side for any of the stores!

After investigating this further, we discovered that the cause was related to a recent Microsoft Windows Server Update that included a VBScript patch:

However, the patch contains a bug that breaks the Encryption and Decryption algorithm used by ProductCart. The effect of this can be any one of the following issues, often at random:
  • Merchants and Sub Users are unable to login to the ProductCart Control Panel, because their passwords are not being properly decrypted.
  • Some Customers are unable to login to their Account in the Storefront, because their password is not being properly decrypted.
  • Stores using Offline Credit Card Processing are no longer seeing the correct credit card number when it is extracted from the database and decrypted.

Do you need it?

Since we do not know if/when Microsoft will recognize and address this issue, we recommend that all stores, using any version, install this patch.

Back Up!

This update does not impact commonly modified files, however it is always a best practice to backup your existing files prior to installing any patches.

Downloading the Updated Files

If you are actively enrolled in the ProductCart Support & Updates Plan, you can download the patch for free as part of your maintenance plan. Simply login to your ProductCart Control Panel and navigate to "Help > Check for Updates".  If you are not currently enrolled in the Support & Updates Plan, we encourage you to enroll here. If you choose not to enroll in the Support & Updates Plan, you can still download the fix for a $75 fee by purchasing the following Item from our store.

Unzipping the Downloaded Files

  • Unzip the files to a new directory on your desktop (e.g. "Windows Bug Fix Files").
  • Do not copy the unzipped files onto an existing set of ProductCart files.
  • If you need to synchronize customized files, see Synchronizing customized files
  • If you want to have a copy of the entire ProductCart folder on your desktop, including the latest files, download the store to your desktop after you have finished the update process.

Performing the update

Synchronize overwritten files

This patch does not contain files that are commonly modified. However, if your store is customized you need to follow the steps below for best results.

Please see: Synchronizing customized files.

Step 1 - Back up your store

If you haven't already done so, back-up your store.

Step 2 - FTP new files to your server

Upload the files to their respective folders, overwriting the existing files. For instance, you will update the contents of the "includes" subfolder on your Web server with the files contained in the "includes" subfolder in the zip file that you have downloaded from the ProductCart Update Management System.

Note:  FTP transfers sometimes fail. Make sure that once the process has finished, your FTP client reported a success message. Most FTP programs have a way to show you whether some files were not uploaded successfully. If that happens, make sure to upload them again until all files have been uploaded successfully. For example, Filezilla separately reports "Failed Transfers" and "Successful Transfers". The "Failed Transfers" tab should be empty.


  • Support Forums
  • Video Tutorials
  • Support Request
  • Support Policy
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found