Skip to main content

This article applies to Code42 for Enterprise version 4.

Code42 Support

CrashPlan app 4.8.2 and earlier security vulnerability

This article applies to Code42 for Enterprise version 4.


CrashPlan app version 4.8.2 and earlier contains a security vulnerability that could allow escalation of privilege on Windows devices. To correct this vulnerability, Code42 strongly recommends upgrading all Windows devices to version 4.8.3 or later.

If you cannot upgrade to a newer version, this article also describes how to manually remove the vulnerability from older versions of the CrashPlan app. 


CrashPlan app version 4.8.2 and earlier on Windows devices.

Recommended solution

Upgrade devices in your Code42 environment to CrashPlan app version 4.8.3 or later.

CrashPlan app version 4.8.3 requires Code42 server version 5.4.3 or later. If your on-premises Code42 server is version 5.4.2 or older, first upgrade to Code42 server version 5.4.3, then upgrade CrashPlan apps to version 4.8.3.

Alternative solution

To remove this vulnerability without upgrading your devices, follow these steps on each device:

  1. Open the CrashPlanService.ini file in a plain text editor.
    • Installed for everyone (default): C:\Program Files\CrashPlan\CrashPlanService.ini
    • Installed per user: C:\Users\<username>\AppData\<Local or Roaming>\Programs\CrashPlan\CrashPlanService.ini
  2. Locate the line beginning with Class Path =.
  3. Delete the path C:\ProgramData\CrashPlan\lang from that line.
  4. Save the changes to the file.

If in the future you upgrade your devices to a CrashPlan app version older than 4.8.3, you must repeat these steps.

Create a script to automate changes
If you have a large number of devices to update, consider creating a script in your client deployment tool (such as SCCM) to automatically apply this change to all devices in your Code42 environment.

If you need help scripting this change, contact your Customer Success Manager (CSM). If you do not know your specific CSM, contact