Skip to content

JOBUZO

  • News
  • Indonesia
  • Toggle search form
ExpressVPN patches Windows bug that exposed remote desktop traffic

ExpressVPN patches Windows bug that exposed remote desktop traffic

Posted on 23 July 2025 By jobuzo

ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389.

ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN’s bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows.

As ExpressVPN points out in its announcement of the patch, it’s unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target’s real IP address, not any of the actual data they transmitted.

Even if the danger was small, it’s nice to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they’re also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that’s on top of things.

If you buy something through a link in this article, we may earn commission.

ExpressVPN patches Windows bug that exposed remote desktop traffic


News

Post navigation

Previous Post: Open source X rival Mastodon begins raising funds with new in-app donation feature
Next Post: FDA’s New Drug Approval AI Is Generating Fake Studies: Report

Related Posts

Stablecoin law holds promise for e-CNY, cross-border flows: Morgan Stanley Stablecoin law holds promise for e-CNY, cross-border flows: Morgan Stanley News
Canberra invests billions in AUKUS submarine yard amid China tensions Canberra invests billions in AUKUS submarine yard amid China tensions News
U.S. army secretary optimistic after Kiev talks on new Ukraine peace plan: White House U.S. army secretary optimistic after Kiev talks on new Ukraine peace plan: White House News

Latest

  • Crowd surge at Hindu festival in India leaves 1 dead and many hospitalized
  • UK intelligence watchdog raps MI5 for lying to courts about a neo-Nazi informer
  • An OLED iPad Mini is Reportedly Arriving but Includes a Catch
  • South Korean province sets up teacher protection agency inspired by Netflix hit ‘Teach You a Lesson’
  • Daily roundup: 31 oversubscribed primary schools in Phase 2A to conduct balloting — and other top stories today
  • Let This Be Your Easy Guide to What the Easy A Cast Is Up to Now
  • Ultrahuman’s former hardware VP raises $5.5M for devices that control AI agents, not just record you
  • Meta now alerts parents if their teen discussed suicide or self-harm with its AI chatbot
  • Tensions spur ultra-rich to diversify across Asia
  • China memory-chip maker CXMT set for mega IPO

Copyright © 2025 JOBUZO. Disclaimers | Privacy Policies

Powered by PressBook Masonry Blogs