SANS has published its top 20 OS vulnerability list. Here it is:

Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)

Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U6 Sendmail
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)

Here is the link to it: http://isc.sans.org/top20.html

-Nash
