ExpressVPN patches Windows bug that exposed remote desktop traffic
ExpressVPN has released a patch for its Windows app to address a vulnerability that could have exposed remote desktop traffic. The issue was discovered by an independent researcher and reported through ExpressVPN's bug bounty program. The vulnerability was caused by debug code that mistakenly shipped to customers, leaving traffic on TCP port 3389 unprotected. The risk of exploitation was relatively low, because an attacker would have had to be aware of the flaw and trick the target into sending specific web requests. ExpressVPN responded promptly by releasing a patch in version 12.101.0.45 for Windows. The company is also implementing automated tests to prevent similar issues from occurring in the future. The article highlights ExpressVPN's proactive approach to security, including the use of a bug bounty program and a successful independent privacy audit earlier in 2025. This suggests that the company is committed to maintaining the integrity and security of its product for its users.
Note: This is an AI-generated summary of the original article. For the full story, please visit the source link below.