Split tunneling is disabled in the latest version of ExpressVPN for Windows (12.73.0).
This is a temporary change, and it will be reversed after ExpressVPN patches a newly discovered DNS bug.
Other versions of the ExpressVPN app still support split tunneling.
Justin Duino / How-To Geek
The DNS vulnerability was discovered by Attila Tomaschek, a staff writer atCNET.
Tomaschek observed that DNS requests were not sent to ExpressVPN’s servers when split tunneling was enabled.
ExpressVPN successfully reproduced the vulnerability, but only in Only allow selected apps to use the VPN split-tunneling mode.
And, even then, DNS leakage was an occasional and inconsistent problem.
It went undetected for nearly two years, presumably because it’s so niche and hit-or-miss.
Funnily enough, split tunneling is still functioning properly in Version 10 of the ExpressVPN Windows app.
ExpressVPN estimates that 1% of Windows users meet the criteria for this vulnerability.
But your actual web traffic remained encrypted.
Location spoofing may also fail when a DNS leak occurs.
The DNS bug affects an incredibly small subset of users.
Still, ExpressVPN is taking a proactive approach.
We appreciate ExpressVPN’s response to the DNS bug, though the company’sdramatically-titled announcementseems to have startled some people.
A future update will resolve ExpressVPN’s DNS bug and enable split-tunneling functionality.
Additional information is available on theExpressVPN FAQ.
Those who are using ExpressVPN Version 10 for Windows do not need to take any action.
The bug only affects ExpressVPN Version 12.
