ExpressVPN Bug Exposed User IPs in RDP Sessions

ExpressVPN has patched a critical vulnerability in its Windows application that allowed Remote Desktop Protocol (RDP) traffic to bypass the encrypted VPN tunnel. The ExpressVPN bug exposed user IP addresses during RDP sessions, undermining the core privacy protection the service is designed to provide.

The flaw caused RDP traffic to route outside the VPN tunnel, revealing users’ real IPs to remote servers. This issue created a significant privacy risk for individuals relying on the VPN for secure remote access. ExpressVPN acted quickly to resolve the problem and released an update to fix the routing behavior in its Windows client.

Security researchers identified the issue, prompting ExpressVPN to investigate and deploy a fix. The company has advised all Windows users to update their software immediately. Since the ExpressVPN bug exposed user IPs in real-time sessions, staying current with patches remains essential for maintaining anonymity.

Read the full report at the official source:
https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/