Um unsere Apps und Konfigurationen nutzen zu können, registrieren Sie sich bitte zuerst für ein ExpressVPN-Konto.
This issue has now been resolved.
Version 12.73.0 of our Windows app temporarily removed the split-tunneling feature while we addressed an issue that may have left some users’ DNS requests unprotected. Starting with Version 12.74.0, split tunneling has been restored. The issue that prompted its removal has been fixed. You can read more about this on our blog.
If you are using Version 12.73.0 and do not see split tunneling available to you, please update to the latest version.
In addition, we are no longer supporting Version 10 of our Windows app, with the final update being Windows 10.53.0. Split tunneling has been permanently removed from Version 10.
What exactly was the issue?
We found two bugs related to split tunneling, which we have now fixed.
The first bug only affected Version 12 of the Windows app.
Versions 12.23.1–12.72.0 of our Windows app, published between May 19, 2022, and Feb. 7, 2024, had a bug that allowed some users’ DNS requests to go unprotected when the user had chosen one of our two split-tunneling modes, “Only allow selected apps to use the VPN.” In these instances, the apps being routed through the VPN might, under some circumstances, send DNS requests to third-party DNS servers instead of our servers. All other aspects of VPN protection (e.g., encryption) were not impacted.
Version 12.73.0 of our Windows app removed split tunneling while we addressed the issue. It has now been resolved, and starting with Version 12.74.0, split tunneling has been restored to all Windows users.
During further investigation and testing, a second bug was discovered. It only affected Windows users who had other VPN apps installed on their computer and were also using split tunneling. In these cases, users’ DNS requests could go unprotected.
This issue is an edge case. We estimate that it could have occurred for less than 1% of Windows users. We believe an even smaller proportion of users would have had the relevant interacting apps installed on their machines, so the affected user group is smaller than half a percent of Windows users.
Recent updates to Version 12 of our Windows app have resolved this issue, as verified by an independent audit. We have ended support for Version 10 of our Windows app, but the last released version does not contain the split-tunneling feature.
What does it mean for DNS requests to go unprotected?
When a user’s DNS requests are not sent to our servers and instead go to a third party, that normally means the user’s ISP, unless the user has previously designated otherwise. The ISP is able to determine the web domains visited by that user (e.g., google.com), but not any individual webpages, searches, or other online behavior. All contents of the user’s traffic remain encrypted by the VPN and unviewable by the ISP or any other third party.
Is there anything I need to do?
If you are a Version 12 user: We recommend that you upgrade to the latest Version 12 app, if your app has not already automatically updated.
If you are a Version 10 user: You should upgrade to Version 12 of the Windows app, as we no longer support Version 10. If your computer is running Windows 7, 8, or 8.1, you should know that Microsoft is no longer releasing critical security updates for these discontinued operating systems. Therefore we strongly urge you to upgrade your operating system to Windows 10 or 11, which will also allow you to begin using Version 12 of our Windows app.
I want to use split tunneling. What can I do?
You should update to the latest version of our Version 12 app for Windows.