SANS/FBI Top 20 Most Critical Internet Security Vulnerabilities:
Top Vulnerabilities to Windows Systems
- Internet Information Services (IIS)
- Microsoft Data Access Components (MDAC) — Remote Data Services
- Microsoft SQL Server
- NETBIOS — Unprotected Windows Networking Shares
- Anonymous Logon — Null Sessions
- LAN Manager Authentication — Weak LM Hashing
- General Windows Authentication — Accounts with No Passwords or Weak Passwords
- Internet Explorer
- Remote Registry Access
- Windows Scripting Host
Top Vulnerabilities to Unix Systems
- Remote Procedure Calls (RPC)
- Apache Web Server
- Secure Shell (SSH)
- Simple Network Management Protocol (SNMP)
- File Transfer Protocol (FTP)
- R-Services — Trust Relationships
- Line Printer Daemon (LPD)
- Sendmail
- BIND/DNS
- General Unix Authentication — Accounts with No Passwords or Weak Passwords