SANS sees upsurge in zero-day Web-based attacks

15.11.2006

"These applications are the Achilles' heel for a lot of enterprises," because they are often accessible to outsiders, Ullrich said, adding that they are often hastily written, with little attention paid to security.

A marked increase in zero-day attacks that target unpatched vulnerabilities also portends problems for users going forward, according to the SANS report. Most of these attacks have been aimed at Microsoft products, particularly Internet Explorer, Word and PowerPoint, and appear to be launched from China. Among the 20 zero-day attacks listed by SANS in Wednesday's report were five that targeted IE and three that hit PowerPoint. Also listed were four zero-day attacks against Apple's Safari Web browser and its Mac OS X operating system.

Making the SANS top 20 list for the first time also was , which was often exploited in highly targeted spear-phishing attacks. Adding to this problem is the issue of excessive user rights and the prevalence of unauthorized devices on enterprise networks, the SANS report said.