That's really good news.
Just an update for people using 8.6 (and 8.4 and earlier) so they don't panic too much:
IF YOU HAVE PLESK 8.6:
If you have been keeping your Plesk install even slightly up to date, you'll not have the vulnerable version of the file in question installed. It was, as has been discussed, fixed in MU2, and we are now on MU10. MU2 was released a very long time ago.
IF YOU HAVE PLESK 8.x (earlier than 8.6):
You may need to manually update a certain file. Plesk versions earlier than 8.6 do not *appear* to have the necessary MU functionality in their updaters, and so will not have updated themselves. However, for the vulnerability to work, you would have had to have installed the Plesk API/Agent.
HOW TO CHECK WHICH (IF ANY) MUs you have installed:
As root (or use sudo) just issue the command
And you'll see a load off stuff corresponding to various MUs. There's also an xml file containing a note of the last MU installed.
If you get nothing when you "locate microupdate", you have none installed. This is most likely with an older version of Plesk (8.x < 8.6). Follow the links in one of the earlier posts, download the patch and copy the necessary file to the appropriate place.