CrashPlan app versions 4.8.2 and earlier contain a security vulnerability that could allow escalation of privilege on Windows devices. This vulnerability is already corrected in CrashPlan app version 4.8.3. All CrashPlan for Small Business (previously CrashPlan PRO) devices with supported operating systems automatically upgraded to version 4.8.3 on June 13, 2017.
This article provides a manual workaround to remove the vulnerability from older versions of the CrashPlan app. These steps are recommended only for customers who cannot upgrade to CrashPlan app version 4.8.3 or later.
CrashPlan app version 4.8.2 and earlier on Windows devices.
You can identify your CrashPlan app version to determine if you must manually remove the vulnerability.
Recommended solution for CrashPlan app 4.8.2 and earlier
These steps are recommended only for customers who cannot upgrade their devices to CrashPlan app version 4.8.3 or later. Follow these steps on each device:
- Open the CrashPlanService.ini file in a plain text editor.
- Installed for everyone (default): C:\Program Files\CrashPlan\CrashPlanService.ini
- Installed per user: C:\Users\<username>\AppData\<Local or Roaming>\Programs\CrashPlan\CrashPlanService.ini
- Locate the line beginning with
Class Path =.
- Delete the path
C:\ProgramData\CrashPlan\langfrom that line.
- Save the changes to the file.