FBI's Top 10 Online Security Threats for Windows.
The FBI has worked with the SANS Institute to develop a list of the 10 most exploited Windows threats. You can read more about it here.
The gist of it? There are 10 component on the Windows platform that are prone to new vulnerabilities, and are regularly used as the source of an attack vector. They are:
- Internet Information Services (IIS)
- Microsoft SQL Server (MSSQL)
- Windows authentication
- Internet Explorer (IE)
- Windows remote access services
- Microsoft Data Access Components (MDAC)
- Windows Scripting Host (WSH)
- Microsoft Outlook and Outlook Express
- Windows peer-to-peer file sharing (P2P)
- Simple Network Management Protocol (SNMP)
I am not sure I would have put IE so far down the list, but theoretical and practical attacks organize it differently. SQL injection/misuse attacks ARE more common that IE URL attacks. [Dana Epp's ramblings at the Sanctuary]