Clients,
Below is a snippet from a security show talking about compromising a network. It's a bit deep in technical jargon but the important part is two fold: 1) don't open stuff you don't know about, and 2) run MS critical updates and virus protection often.
http://www.grc.com/sn/SN-091.pdf - (zero day exploits simply mean they are hacking you from the day the bug is published/released.)
But when it comes to these client application vulnerabilities, the easiest way to really do some damage and get some data out of a company is to send the Microsoft Word zero-day to the HR department at a large company, and the lady in HR opens it, Word disappears, she’s none the wiser, now I have that computer compromised. Now that I’m on the inside of your network, I take a remote attack like the DNS zero-day to target your active directory server. And now I’ve compromised that, and I can do anything I want to your company. And this all happens within a few hours.
