ExpressVPN patches Windows bug that exposed remote desktop traffic

ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or send any other traffic over TCP port 3389.

ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows.

As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the actual data they transmitted.

Even if the danger was small, it's nice to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's on top of things.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/expressvpn-patches-windows-bug-that-exposed-remote-desktop-traffic-171507501.html?src=rss
Created 9d | Jul 23, 2025, 5:20:22 PM

