Code42 app versions 4.8.2 and earlier contain a security vulnerability that could allow escalation of privilege on Windows devices. This vulnerability is already corrected in Code42 app version 4.8.3. All CrashPlan for Small Business (previously CrashPlan PRO) devices with supported operating systems automatically upgraded to version 4.8.3 on June 13, 2017.
This article provides a manual workaround to remove the vulnerability from older versions of the Code42 app. These steps are recommended only for customers who cannot upgrade to Code42 app version 4.8.3 or later.
Code42 app version 4.8.2 and earlier on Windows devices.
You can identify your Code42 app version to determine if you must manually remove the vulnerability.
Recommended solution for Code42 app 4.8.2 and earlier
These steps are recommended only for customers who cannot upgrade their devices to Code42 app version 4.8.3 or later. Follow these steps on each device:
- Open the CrashPlanService.ini file in a plain text editor.
- Installed for everyone (default): C:\Program Files\CrashPlan\CrashPlanService.ini
- Installed per user: C:\Users\<username>\AppData\<Local or Roaming>\Programs\CrashPlan\CrashPlanService.ini
- Locate the line beginning with
Class Path =.
- Delete the path
C:\ProgramData\CrashPlan\langfrom that line.
- Save the changes to the file.