All Plex users are encouraged to apply the hot fix patch, which directs their servers to respond to UDP requests only from the local network and not the public internet. As some of the Plex Servers have become vulnerable to DDoS Attacks.
To clarify certain details, Plex said that the exploit would not have allowed attackers to access any private data or make changes to the accounts of its users. Instead, the flaw could have caused an affected server to “reflect” UDP packets as a way to amplify a DDoS attack against another server or network on the internet.
“Plex said that it has issued hotfix 66 for Plex Media Server to address the flaw in its product.”
The fix is available in Plex Media Server v126.96.36.19914 or newer and is accessible to both public and beta users of Plex Media Server through the regular Downloads page.
Plex also offered the following tips for users of its Media Server product:
- If connected directly to the public internet, configure your server’s firewall to block traffic on the “additional” ports mentioned in this support article.
- When using a router performing NAT (this includes most consumer systems), configure it not to forward UDP traffic on these “additional” ports from the public internet to the device running Plex Media Server.
We recommend that everyone running Plex Server update and patch immediately!