ExpressVPN Bug Leaking DNS Requests for Years

Abeerah Hashim  - Security Expert
Last updated: February 12, 2024
Share
ExpressVPN bug leaking DNS requests
  • ExpressVPN found a bug in its software that leaked DNS requests for an extended period.
  • The bug affects Windows users with an active split tunneling feature, potentially exposing their browsing histories to ISPs and other third parties.
  • ExpressVPN recommends disabling the split tunneling feature or upgrading to the latest version to mitigate the issue.

After identifying a bug that revealed the domains users visited, the latest ExpressVPN software version does not include the split tunneling feature. It was embedded in Windows 12.23.1-12-72.0 between May 19, 2022, and February 7, 2024, and only affected split tunneling feature users.

Split tunneling helps to route some traffic outside the VPN tunnel, providing the flexibility of using both remote secure access and the local network simultaneously.