ExpressVPN patches Windows bug that exposed remote desktop traffic
ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or any other traffic through TCP port 3389.
ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows.
As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the actual data they transmitted.
Even if the danger was small, it's nice to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's on top of things.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
The next Made By Google event (better known as the Pixel launch) is set for August 20
Google will host its next Made by Google event on August 20, the company announced today. In a media invite, it promised the event would feature new Pixel phones, watches, buds "and more." It's hard to imagine what other product types might be covered by those last two words, but for those who watch the industry closely, this event is likely to see the launch of the Pixel 10 flagship phones, along with a Pixel Watch 4 and new Pixel Buds. It's easy to make that deduction, especially going by previous Made By Google events. At last year's hardware launch, Google announced the Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel Watch 3 and Pixel Buds Pro 2. Between that and the company's invite, we can expect a refresh of nearly the entire Pixel line. As for what the "and more" bit could entail, recent rumors suggesting Google is working on a proper response to Apple's MagSafe tech dubbed Pixelsnap. Android manufactures have been slow to adopt the Qi2 wireless charging standard, but with the upcoming Pixel 10 it appears the company is working on a host of magnetic Qi2 accessories, including a new charging stand. As always, be sure to visit Engadget on the day of the event as we'll have a liveblog of the entire proceedings. Update, July 16 2025, 1:50PM ET: This story has been updated to include a list of devices we expect Google to unveil on August 20.
Yahoo
2 hours ago
- Yahoo
Chris Martin's Ex Gwyneth Paltrow Is Astronomer's ‘Temporary Spokesperson' Amid Coldplay Scandal
Astronomer has enlisted the help of Gwyneth Paltrow for a new promotional video in the wake of the Coldplay cheating scandal. The new video, posted by Astronomer via its official X page on Friday, July 25 features Paltrow as the company's 'Temporary Spokesperson.' Paltrow, who is the ex-wife of Coldplay frontman , introduced her role for the company while speaking to the camera. 'Hi, I'm Gwyneth Paltrow. I've been hired on a very temporary basis to speak on behalf of the 300+ employees at Astronomer,' Paltrow, 52, said. 'Astronomer has gotten a lot of questions over the last few days and they wanted me to answer the most common ones.' Ex-Astronomer CEO Andy Byron and Kristin Cabot Show PDA in Newly Resurfaced Video From Coldplay Concert The footage then cuts to the first 'question,' which reads, 'OMG what the actual F?' Paltrow does not directly answer this question or address the viral scandal, which saw the company's CEO Andy Byron and Chief People Officer Kristin Cabot step down after they were captured on a Kiss Cam getting cozy despite both reportedly being married to other people. Instead, Paltrow responds with information about Astronomer's business. 'Yes, Astronomer is the best place to run a patchy airflow, unifying the experience of running data ML and AI pipelines at scale. We've been thrilled so many people have a newfound interest in date workflow automation,' she said, before moving on to the next 'question.' The words 'How is your social team holding…' began to be written on screen before abruptly being cut off and switching back to Paltrow. 'Yes! There is still room available at our Beyond Analytics Event in September. We will now be returning to what we do best: Delivering game-changing results for our customers,' Paltrow said, before concluding, 'Thank you for your interest in Astromoner.' Astronomer executives Cabot and Byron made headlines when they attended Coldplay's concert at Gillette Stadium in Foxboro, Massachusetts, on July 16. During the performance, Martin introduced the Kiss Cam and turned it on to the crowd, focusing on Cabot and Byron embracing while watching the show. New Astronomer CEO Releases Statement After Coldplay Kiss Cam Scandal As soon as they realized they were being blasted on the big screen, the pair was immediately evasive. Cabot attempted to shield her face while Byron tried to dodge the cameras by ducking down out of shot. 'Whoa, look at these two. All right, come on. You're OK,' Martin, 48, said. 'Either they're having an affair or they're just very shy. I'm not quite sure what to do.' He added, 'Holy s***.I hope we didn't do something bad.' In the wake of the scandal, Astronomer confirmed that both Byron and Cabot have tendered their resignations from the company. Solve the daily Crossword
Yahoo
7 hours ago
- Yahoo
Engadget Podcast: A taste of iOS 26, iPadOS 26, macOS 26 and more
Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products. We've been playing around with the developer betas of Apple's latest software, and now that we've spent time with iOS 26, Liquid Glass and more on actual devices, we have thoughts. From representation in Genmoji and Live Translation adventures to Apple Intelligence musings, our hosts Cherlynn Low and Mat Smith share what you can expect on your iPhones later this year. We also go over our reviews of the Samsung Galaxy Watch 8 and Galaxy Z Flip 7, as well as Microsoft's SharePoint server vulnerabilities. Check out the episode below or find the Engadget Podcast on your favorite podcast platform. We're pretty much everywhere. If you'd like to interact with our hosts live, make sure to join us on Thursday mornings on the Engadget YouTube channel for the livestream of this podcast. We're taking a break for the rest of July but will resume that broadcast in August. Come through, we can't wait to talk to you! Subscribe! iTunes Spotify Pocket Casts Stitcher Google Podcasts Credits Hosts: Cherlynn Low and Mat SmithProducer: Ben EllmanMusic: Dale North and Terrence O'Brien
