ExpressVPN has released a security update for its Windows app, following the discovery of a vulnerability that allows all DNS requests to leave the ExpressVPN network and reach a third party, usually the ISP.
The vulnerability is related to the split tunnel feature, which lets users choose which apps' connections go through the VPN, while connections from the other applications use the regular connection via the ISP. ExpressVPN has temporarily disabled the feature until the vulnerability is patched.
The main idea of using a VPN is to provide an encrypted and secure connection where even the network administrator or ISP cannot know which websites and online services are being used.
This vulnerability has existed for nearly two years, specifically in versions of the app that were released between May 19, 2022 and February 7, 2024.
We recommend that users update the Windows app to version 12.73.0, in which the split tunnel feature has been temporarily removed until the vulnerability is fixed.
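
One way to check a host for the kind of DNS leak described above, as an added example that is not ExpressVPN's code: it scans flow-log lines and reports DNS traffic that leaves through a non-VPN interface or goes to a resolver the VPN did not provide. The log format, the interface name `VPN` and the resolver address are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed flow-log lines in a hypothetical format, not captured from a real host.
SAMPLE_FLOWS = """\
10:00:01 iface=VPN proto=udp dst=10.8.0.1 dport=53 proc=firefox.exe
10:00:02 iface=Ethernet proto=udp dst=192.0.2.53 dport=53 proc=chrome.exe
10:00:03 iface=Ethernet proto=tcp dst=198.51.100.7 dport=443 proc=chrome.exe
10:00:04 iface=VPN proto=tcp dst=203.0.113.9 dport=53 proc=svchost.exe
10:00:05 truncated line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) iface=(?P<iface>\S+) proto=(?P<proto>udp|tcp) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proc=(?P<proc>\S+)$"
)
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS


def find_dns_leaks(log_text, tunnel_iface, tunnel_resolvers):
    """Return (time, process, resolver, reasons) for each DNS flow outside the VPN.

    Assumed policy: every DNS query must use the tunnel interface and one of
    the resolvers handed out by the VPN.
    """
    allowed = {ipaddress.ip_address(r) for r in tunnel_resolvers}
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) not in DNS_PORTS:
            continue  # unparseable line or not DNS traffic
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed destination address
        reasons = []
        if m["iface"] != tunnel_iface:
            reasons.append("left via non-VPN interface")
        if dst not in allowed:
            reasons.append("resolver not provided by VPN")
        if reasons:
            leaks.append((m["ts"], m["proc"], str(dst), reasons))
    return leaks


if __name__ == "__main__":
    for ts, proc, dst, reasons in find_dns_leaks(SAMPLE_FLOWS, "VPN", ["10.8.0.1"]):
        print(f"{ts} {proc} -> {dst}: {', '.join(reasons)}")
```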