Check out bugtraq at http://www.securityfocus.com/archive/1
There is the top 20 security holes from the FBI & SANS Institute at
http://www.sans.org/top20/

Personally the most telling stat for me is the 176 from 35 machines Nimda probes
and the 184 from 119 CodeRed probes I've received in the last 50 days since I
rebuilt & reinstalled my FreeBSD stable world.
There would probably be more probes but every hour I have a cronjob that
blocks any IP that has probed me 10 or more times.

The biggest holes are in OutLook & IE.  One of the ActiveX controls has a hole
so big Microsoft recommended not trusting anybody including Microsoft.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-065.asp

-Charlie
--
Charles Anderson        caa at columbus dot rr dot com

No quote, no nothin'

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.