ExpressVPN issues emergency Windows patch


ExpressVPN has issued an emergency patch for its Windows-based app after receiving a tip-off from a tech expert and writer.

Attila Tomaschek, a VPN expert and staff writer for CNET, reached out to ExpressVPN after noticing that DNS requests on his Windows machine were not being directed to the virtual network as expected.

ADVERTISEMENT

“This occurred when he had activated split tunneling, which limits which apps send their traffic through the VPN,” says ExpressVPN. “When a user is connected to ExpressVPN, their DNS requests are supposed to be sent to an ExpressVPN server. But the bug allowed some of those requests to go instead to a third-party server, which in most cases would be the user’s internet service provider.”

ExpressVPN was forced to temporarily disable the split tunneling feature for Windows users of its Version 12 app, who constitute about 1% of its client base. It will remain deactivated until engineers have devised a permanent fix.

“We were only able to replicate the issue when using the specific split tunneling mode, and even then, we found that it only occurred in some cases,” it added. “Users who had not activated split tunneling at all, or who had chosen the other mode [to] not allow selected apps to use the VPN had their DNS requests handled properly. No other VPN protections, such as encryption, were affected.”

NB: This article was amended to say Express VPN's app for "Windows" and not "Windows 12", which was incorrect.