ExpressVPN has released a critical patch (version 12.101.0.45) for its Windows application to address a vulnerability that could expose remote desktop traffic, particularly for users utilizing Remote Desktop Protocol (RDP) or traffic routed through TCP port 3389. The vulnerability was reported by an independent researcher on April 25, and the patch was rolled out five days later. While the company indicated that the vulnerability was unlikely to have been exploited, it acknowledged the need for user protection and is implementing automated tests to prevent similar issues in the future.