This article applies to Code42 for Enterprise version 4.
CrashPlan app version 4.8.2 and earlier contains a security vulnerability that could allow escalation of privilege on Windows devices. To correct this vulnerability, Code42 strongly recommends upgrading all Windows devices to version 4.8.3 or later.
If you cannot upgrade to a newer version, this article also describes how to manually remove the vulnerability from older versions of the CrashPlan app.
This vulnerability affects CrashPlan app version 4.8.2 and earlier on Windows devices.
Upgrade devices in your Code42 environment to CrashPlan app version 4.8.3 or later.
CrashPlan app version 4.8.3 requires Code42 server version 5.4.3 or later. If your on-premises Code42 server is version 5.4.2 or older, first upgrade to Code42 server version 5.4.3, then upgrade CrashPlan apps to version 4.8.3.
To remove this vulnerability without upgrading your devices, follow these steps on each device:
- Open the CrashPlanService.ini file in a plain text editor.
  - Installed for everyone (default): C:\Program Files\CrashPlan\CrashPlanService.ini
  - Installed per user: C:\Users\<username>\AppData\<Local or Roaming>\Programs\CrashPlan\CrashPlanService.ini
- Locate the line beginning with Class Path =.
- Delete the path C:\ProgramData\CrashPlan\lang from that line.
- Save the changes to the file.
If in the future you upgrade your devices to a CrashPlan app version older than 4.8.3, you must repeat these steps.
If you have a large number of devices to update, consider creating a script in your client deployment tool (such as SCCM) to automatically apply this change to all devices in your Code42 environment.
If you need help scripting this change, contact your Customer Success Manager (CSM). If you do not know your specific CSM, contact firstname.lastname@example.org.
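One way to script the manual steps above for a deployment tool such as SCCM, as an added example that is not Code42's own script. It assumes the entries on the Class Path = line are separated by semicolons, and it uses wildcards to cover the <username> and <Local or Roaming> parts of the per-user path.

```powershell
# Added example, not Code42's script. Run elevated (the default install is under Program Files).
# Assumption: entries on the "Class Path =" line are separated by semicolons.
$target = 'C:\ProgramData\CrashPlan\lang'   # path the article says to delete

# Both install locations named in the article; wildcards cover <username> and Local/Roaming.
$candidates = @(
    'C:\Program Files\CrashPlan\CrashPlanService.ini',
    'C:\Users\*\AppData\Local\Programs\CrashPlan\CrashPlanService.ini',
    'C:\Users\*\AppData\Roaming\Programs\CrashPlan\CrashPlanService.ini'
)

# Normalise an entry for comparison: drop whitespace, quotes and a trailing backslash.
function Get-NormalizedEntry([string]$Entry) {
    $Entry.Trim().Trim('"').TrimEnd('\')
}

foreach ($file in Get-Item -Path $candidates -Force -ErrorAction SilentlyContinue) {
    $changed = $false
    $lines = @(Get-Content -LiteralPath $file.FullName)
    $updated = foreach ($line in $lines) {
        if ($line -match '^(\s*Class Path\s*=\s*)(.*)$') {
            $prefix  = $Matches[1]
            $entries = @($Matches[2] -split ';' | Where-Object { $_.Trim() })
            $kept    = @($entries | Where-Object { (Get-NormalizedEntry $_) -ine $target })
            if ($kept.Count -ne $entries.Count) {
                $changed = $true
                $line = $prefix + ($kept -join ';')
            }
        }
        $line
    }

    if (-not $changed) {
        Write-Output "No change needed: $($file.FullName)"
        continue
    }

    # Keep a copy of the original, then write the edited lines back.
    Copy-Item -LiteralPath $file.FullName -Destination "$($file.FullName).bak" -Force
    # Set-Content's default encoding differs between PowerShell versions;
    # pass -Encoding explicitly if the file is not plain ASCII.
    Set-Content -LiteralPath $file.FullName -Value $updated
    Write-Output "Removed $target from: $($file.FullName)"
}
```

The script is safe to rerun: a file that no longer lists the path is reported as needing no change and is left untouched.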