ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389.
ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows.
As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the specific data they transmitted.
Even if the danger was small, it's good to see ExpressVPN responding proactively to flaws in its product. Bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's on top of things.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/expressvpn-patches-windows-bug-that-exposed-remote-desktop-traffic-171507501.html?src=rss