ExpressVPN Fixes Windows Vulnerability That Exposed Remote Desktop Traffic
ExpressVPN has rolled out a critical update for its Windows application to address a security flaw that could leave remote desktop traffic unprotected. Users on Windows should immediately upgrade to version 12.101.0.45, particularly if they rely on Remote Desktop Protocol (RDP) or any other services using TCP port 3389.
The issue was disclosed by ExpressVPN in a recent blog post, where the company confirmed that an independent researcher, Adam-X, reported the vulnerability on April 25 through ExpressVPN's bug bounty program. The researcher discovered that internal debug code, which caused traffic on port 3389 to bypass the VPN tunnel, had accidentally been included in the public release. ExpressVPN acted swiftly, releasing a patch within five days to resolve the issue.
While the risk of exploitation was low, the flaw could have exposed users’ real IP addresses under specific conditions. A potential attacker would need to know about the vulnerability and then manipulate the target into sending traffic over RDP or port 3389. Even then, the exposure would be limited to the IP address—no transmitted data would be compromised.
ExpressVPN emphasized that there is no evidence the bug was actively exploited. Still, the company took proactive steps to secure its users by not only fixing the issue but also implementing automated checks to prevent similar oversights in the future. This move reinforces ExpressVPN’s commitment to security, further bolstered by a successful independent privacy audit earlier this year.
For crypto users and privacy-conscious individuals, VPN security is crucial. ExpressVPN’s quick response and additional safeguards demonstrate its reliability as a provider in an industry where trust is paramount. If you haven’t already, updating to the latest version is strongly recommended to ensure full protection.