SANS released their list of the top 20 security vulnerabilies this month.  There are a few items of note on it:

• The list has been broken up into these broad categories:
  • Operating systems
  • Cross-platform applications
  • Network Devices
  • Security Policy and personnel
  • Special Section on Zero day attacks and prevention
• Under OS Microsoft lead the way with the first 5 categories (Internet explorer, windows libraries, MS Office, Windows Services, and Windows configuration weaknesses).  Max and Unix also had a category each.
• Under cross platform apps SNAS listed web apps, databases, file sharing, instant messaging, media players, dns servers, backup software and security enterprise and directory servers.
• Under Network devices VOIP phones got their own category, as well as a "general net devices" subtopic for routers, firewalls and security appliances.
• Under security policies they listed Excessive user rights, unauthorized devices, and Phishing.
• The zero day attack section was specifically about attacks that happen the same day the vulnerability is revealed - giving vendors and security personnel little or no time to respond.

The conclusions we can draw here are pretty wide - however to summarize a bit:

• Every application, operating system, browser, service and appliance on your network could potentially be exploited - you need to keep them all patched up to date.
• Although windows attack surfaces are the broadest due to installed base - there are vulnerabilities in every vendor's product across the board - don't get complacent about security.
• "fooling the user" tactics such as phishing have become much more prevalently used to attack people's machines and information.
• There is some great advice within the SANS article for each of these vulnerabilities and how to reduce your attack surface and avoid an attack directed at one of these targets.  It's well worth your time to read the recommendations at the end of each section and ask yourself if you're currently following those recommendations.