At
http://www.microsoft.com/security/sir/default.aspx, Microsoft have a made available a free Security Inteliigence Report.
Here is an interesting note about the report: "At RSA Conference Europe 2011 today, Microsoft Corp. released the
Microsoft Security Intelligence Report volume 11 (SIRv11), which found
that less than 1 percent of exploits in the first half of 2011 were
against zero-day vulnerabilities — software vulnerabilities that are
successfully exploited before the vendor has published a security update
or “patch.” In contrast, 99 percent of all attacks during the same
period distributed malware through familiar techniques, such as social
engineering and unpatched vulnerabilities. In the report, Microsoft
highlights the fact that some of the more common threats can be
mitigated through good security best practices."
Although Zero-Day vulnerabilities are always a threat, I was surprised that they comprised such a small part of the total threat.