Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

ExpressVPN Temporarily Disables Split-Tunneling Over a Bug

Penka Hristovska
Penka Hristovska
Published on: February 13, 2024
Penka Hristovska Penka Hristovska
Published on: February 13, 2024

Last week, ExpressVPN turned off the split tunneling feature on its Windows app to address a problem where DNS requests weren’t being correctly routed to its servers. ExpressVPN explained that the bug, which was found in versions 12.23.1–12.72.0, led to DNS requests being left unprotected.

Under normal conditions, a user’s DNS requests are routed through ExpressVPN’s servers when connected to its service. However, because of the glitch, these requests were redirected to a third party, usually the user’s Internet Service Provider (ISP), unless set up differently. This situation allowed the ISP to identify the domains accessed by the user, although not the specific pages or activities.

“All contents of the user’s traffic remain encrypted by the VPN and unviewable by the ISP or any other third party,” ExpressVPN explains.

The bug only affected ExpressVPN’s Windows app when the split-tunneling feature was on and the user chose the “Only allow selected apps to use the VPN” mode.

“We could not reproduce it when split tunneling was not activated or when the other split-tunneling mode, ‘Do not allow selected apps to use the VPN,’ was chosen,” ExpressVPN explained.

The split tunneling feature allows users to choose which apps use the VPN tunnel and which apps use the user’s regular internet connection. The affected split-tunneling mode lets users choose which apps are routed through the VPN tunnel.

“All other aspects of VPN protection (e.g., encryption) were not impacted,” ExpressVPN’s blog reads.

ExpressVPN stated that the bug affected fewer than 1% of its Windows users. Last week, ExpressVPN released version 12.73.0 for Windows, which completely deactivates the split tunneling feature. Users are recommended to update their software immediately.

According to ExpressVPN, split tunneling will stay disabled until they find and fix the root cause of the problem. Users who want to continue to use the split tunneling features can downgrade to version 10 of ExpressVPN for Windows, as the feature works correctly in that version.

About the Author
Penka Hristovska
Penka Hristovska
Editor
Published on: February 13, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.