"Windows ExpressVPN Application Gets a Patch to Rectify Security Loophole"
ExpressVPN Resolves Routing Issue in Version 12 Windows App
ExpressVPN has addressed a security vulnerability in its Version 12 Windows app, following a report by a security researcher through the company's bug bounty platform. The issue, which affected the routing of certain Remote Desktop Protocol (RDP) traffic, posed a privacy risk by allowing users' real IP addresses to be exposed.
The problem was traced to a piece of debug code that found its way into production builds, versions 12.97 to 12.101.0.2-beta. This debug code caused RDP traffic on TCP port 3389 to bypass the encrypted VPN tunnel, potentially exposing users' IP addresses.
ExpressVPN's team confirmed and triaged the report within hours, and the issue was resolved shortly after the release of Version 12.101.0.45. This update removed the debug code and restored proper routing of all TCP traffic, including RDP on port 3389, through the VPN tunnel.
The update also included routine bug fixes and improvements. To prevent recurrence, ExpressVPN has strengthened its internal safeguards by improving automated tests to flag and remove test settings earlier in development. This reduces the chance of human error and helps deliver even stronger protections for users.
It's important to note that this issue mainly affected users actively using RDP. The only data exposed by the breach was the user's real IP address. An observer, like an ISP or someone on the same network, could have seen not only that the user was connected to ExpressVPN, but also that they were accessing specific remote servers over RDP.
ExpressVPN encourages all users to update to the latest version to ensure complete protection against IP leakage through RDP or similar TCP traffic bypasses. The update has been rolled out across all distribution channels. The report was formally closed at the end of June.
In addition to this fix, ExpressVPN is also offering a special deal on Keeper Security's Business Starter and Business plans. However, this offer is not directly related to the reported issue.
[1] ExpressVPN Blog Post [2] TechCrunch Article
Cybersecurity measures taken by ExpressVPN have proven effective, as they swiftly resolved a routing issue in their Version 12 Windows app. This incident involved data-and-cloud-computing traffic, specifically Remote Desktop Protocol (RDP), and underlined the importance of technology in ensuring user privacy.
