ExpressVPN patches Windows bug that exposed remote desktop traffic


ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389.

ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about 5 days later in version 12.101.0.45 for Windows.

As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker wouldn't only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the specific data they transmitted.

Even if the danger was small, it's good to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's up to the mark.
