SANS published a list of the top 25 reasons systems are hacked. Evidently, a consortium of contributors, including Microsoft, participates in this list. The list is a who's who of problems that continually plague systems, ranging from improper coding, to improper permissions, to running processes in privileged accounts.
It is a solid list and I would recommend that you inspect it for anything you aren't already looking for:
http://www.sans.org/top25errors/#s4