Great… Nice start to the day, received an email from Parallels regarding a vulnerability within all Plesk Panel versions below 10.4 which allow anonymous access to the server!
http://kb.parallels.com/en/113321
In a nutshell – if your server is running below 10.4 – you are at risk and MUST update. I have 3 Plesk servers, 10.4 / 9.5.4 / 8.6.0 – so I was able to carry out the “Micro updates” (MU), versions other than this required a manual patch (unless you opt to go upto the highest subversion to get the MU).