The report advises implementation of a "least privilege" environment to reduce the impact of such attacks.
Marco Peretti, chief technical officer at security firm BeyondTrust, agreed with the findings of the Sans Institute, urging users to follow the " principle of least privilege" in setting user access controls, permissions and rights.
Companies using Microsoft's Active Directory should take maximum advantage of Group Policy Objects to control user access, and should not rely on antivirus protection alone since zero-day attacks are often not detectable until new signatures are released.
"A zero-day vulnerability is a known flaw in software that does not have a patch available," said Marc Sachs, director of the Sans Internet Storm Center.
"In 2006 we have seen a significant rise in attacks that take advantage of zero-day vulnerabilities, leaving a user or system unable to defend against the attack since no patch is available."
This type of application-level attack is very hard to prevent with traditional flow-based schemes such as intrusion detection systems and firewalls.
Likewise, consumer-oriented security solutions such as antivirus software cannot usually detect the initial outbreak of a zero-day exploit attack.
"When users and applications are given more privileges than necessary, organisations expose themselves to threats such as malware and data theft no matter what defence they have in place," warned Peretti.
"A huge security problem that Windows enterprises face is that many users must be given administrative privileges in order to run required applications.
"However, as we have seen, administrative privileges are easily exploited by zero-day threats and malicious users. So you have to ask yourself if you trust your existing security defences."
- Exploit code adds to Windows 2000 threat
- Zero-day attacks thrive in 2006
- Microsoft plugs seven 'critical' security holes
- Windows hit by 'extremely critical' zero-day flaw
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all