ExpressVPN has released a new patch for its Windows applications to close vulnerabilities that could make remote desktop traffic unprotected. If you are using ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389.
ExpressVPN announced vulnerabilities and fixes in a blog post earlier this week. According to the post, an independent Adam-X researcher sent a prompt in the prompt on April 25, asking for rewards for Expressvpn’s Bug Bounty program. Adam-X noticed that some internal debugging code made traffic on TCP port 3389 unprotected and sent to the customer incorrectly. ExpressVPN released a patch in Windows version 12.101.0.45 about five days later.
As ExpressVPN pointed out in its announcement patch, it is actually unlikely to exploit the vulnerability. Any hypothetical hacker must not only be aware of the flaw, but also must trick its targets into sending web requests over RDP or other traffic using port 3389. Even if all Dominos drop, they can only see the real IP address of their target, rather than any actual data they transmit.
Even if the danger is small, it’s great to see ExpressVPN respond positively to the flaws in its products – Bug Bounties is great, but security products should protect their users with as many safeguards as possible. In addition to ending this vulnerability, they also added automatic testing to check for unexpectedly remaining debugging code in the production version. This is a successful independent privacy review that, in early 2025, gave a strong impression of the most important providers.
If you purchase something through the links in this article, we may earn commissions.
