
ExpressVPN Vulnerability Exposed User IPs: What You Need to Know
In the world of online privacy, a Virtual Private Network (VPN) is a critical tool for safeguarding your digital footprint. Users rely on these services to encrypt their traffic and mask their true IP address. However, a recently discovered bug in a popular VPN service, ExpressVPN, highlights the importance of constant vigilance and keeping your software up to date.
A security flaw was identified in specific versions of the ExpressVPN app for Windows that could, under certain conditions, leak a user’s real IP address, effectively undermining the core protection a VPN is meant to provide.
The Core of the Problem: Split Tunneling and DNS Leaks
The vulnerability was linked to a specific feature known as split tunneling. For those unfamiliar, split tunneling is a convenient feature that allows you to decide which apps use the VPN and which connect directly to the internet. For example, you might route your web browser through the VPN for privacy while allowing a gaming application to connect directly for lower latency.
The bug caused a DNS leak when this feature was enabled. A DNS (Domain Name System) leak happens when your device sends DNS requests to your regular Internet Service Provider (ISP) instead of the VPN’s anonymous DNS servers. When this occurs, your ISP can see the websites you are visiting, and those websites can potentially see your real IP address.
In this specific case, when a user activated split tunneling, the ExpressVPN app failed to properly enforce its own network rules. This meant that DNS requests for all traffic—not just the traffic excluded from the VPN—were sent to the user’s ISP, exposing their IP address and browsing activity.
Who Was Affected by This Bug?
It’s crucial to understand that this vulnerability did not affect all ExpressVPN users. The risk was specific to users who met the following criteria:
- Using ExpressVPN for Windows: The bug was exclusive to the Windows desktop application. Mac, Linux, iOS, and Android users were not affected.
- Running a Specific Version: The flaw was present in ExpressVPN for Windows versions 12.23.1 through 12.72.0.
- Using the Split Tunneling Feature: The IP leak only occurred if the user had the split tunneling feature activated. If you were not using split tunneling, your connection remained secure.
How to Protect Yourself: Actionable Security Steps
The good news is that this vulnerability has been addressed. If you are an ExpressVPN user on Windows, taking immediate action is essential to ensure your privacy is protected.
- Update Your ExpressVPN App Immediately: The most important step is to update your software. The security patch that fixes this bug was released in version 12.73.0. Open your ExpressVPN app and check for an update prompt. If you don’t see one, it is highly recommended that you visit the official ExpressVPN website and download the latest version of the Windows app directly.
- Temporarily Disable Split Tunneling: If you cannot update your app right away, you should disable the split tunneling feature. By routing all your traffic through the VPN, you can prevent the DNS leak from occurring. You can do this in the app’s settings menu.
- Verify Your Connection: After updating, you can gain peace of mind by running a DNS leak test. Connect to your VPN, then visit a third-party DNS leak test website. The test should show DNS servers and an IP address associated with ExpressVPN, not your local ISP.
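The same verification can be done locally from a packet capture instead of a leak test website. The following is an added example, not code from ExpressVPN or the original article: it scans a constructed list of outbound packets and reports any DNS traffic that did not go to a VPN resolver through the tunnel. The record format, the interface labels (vpn0, lan0), the resolver range, and the assumption that the capture was taken with split tunneling off are all hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: one line per outbound packet, "interface proto dst_ip dst_port".
# The format, interface labels and addresses are made up for this example.
SAMPLE_CAPTURE = """\
vpn0 udp 10.10.0.1 53
vpn0 tcp 203.0.113.80 443
lan0 udp 192.0.2.53 53
lan0 tcp 198.51.100.20 443
lan0 udp 192.0.2.53 53
lan0 tcp 192.0.2.53 853
"""

DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS

def find_dns_leaks(capture, tunnel_iface, vpn_resolvers):
    """Count DNS packets, keyed by (interface, resolver), that did not go
    to a VPN resolver through the tunnel interface."""
    allowed = [ipaddress.ip_network(n) for n in vpn_resolvers]
    leaks = Counter()
    for lineno, line in enumerate(capture.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        iface, _proto, dst, port = fields
        if int(port) not in DNS_PORTS:
            continue  # not DNS, out of scope for this check
        addr = ipaddress.ip_address(dst)
        via_tunnel = iface == tunnel_iface
        to_vpn_resolver = any(addr in net for net in allowed)
        if not (via_tunnel and to_vpn_resolver):
            leaks[(iface, str(addr))] += 1
    return leaks

if __name__ == "__main__":
    hits = find_dns_leaks(SAMPLE_CAPTURE, "vpn0", ["10.10.0.0/24"])
    for (iface, resolver), count in hits.items():
        print(f"LEAK: {count} DNS packet(s) to {resolver} via {iface}")
```

An empty result means every DNS packet in the capture went to a VPN resolver inside the tunnel, which is the outcome the leak test above should also show.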
While this incident is concerning, it serves as a critical reminder that no software is perfect. Security is an ongoing process, not a one-time setup. Regularly updating all your software, especially security tools like VPNs and antivirus programs, is one of the most effective habits you can adopt to stay safe online.
Source: https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/


