Subject: Two questions(Microsoft vulns, and penetration testing)
Category: Computers > Security
Asked by: gerth-ga
List Price: $125.00
Posted: 13 Jun 2004 09:55 PDT
Expires: 13 Jul 2004 09:55 PDT
Question ID: 360393

What are the vulns that are most likely to be used for the next major virus attack? Forget about LSASS. What's next? What is the most likely vuln to be used? Is there an exploit avail for it? (if so, link) Is there a patch avail for it? (if so, link) etc.

Secondly, are there any other programs like immunitysec's canvas (www.immunitysec.com)/core security? That is, paid penetration testing programs. (Core security's program costs $50,000, something more like canvas would be better).

Regards, Gerth.

There is no answer at this time.

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: justanaveragenewbie-ga on 13 Jun 2004 13:17 PDT

If anybody knew where the next major exploit would be located, I'm sure they would have it patched by now. As to your second question, it may not be as sophisticated as the link in your second question, but it should be enough for just standard problems. http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: ahmz-ga on 20 Jun 2004 14:00 PDT

Well, I think it would be RPC again.

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: forgey-ga on 30 Jun 2004 08:26 PDT

There are lots of vulnerability scanning tools available, some are even free (open source):

Nessus: www.nessus.org (Open Source)
ISS System scanner: http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_system.php
eEye Retina: http://www.eeye.com/html/products/retina/index.html

Nessus is a widely used and highly respected tool so don't be put off by the fact that it is open source. Almost any well respected security expert will be using Nessus and will also probably advocate using multiple vulnerability assessment tools including some that they have developed themselves.

As for paid penetration testing, unless you are a large business this isn't really a requirement. If you are a large business then $50,000 isn't such a big investment. Many of the big consulting firms offer penetration testing, although of the big ones I think only Ernst & Young are worthwhile. If you want to go this route check into E&Y, Secure Computing (http://www.securecomputing.com/) and Network Presence (www.netpr.com). NetPR is a great company, I know a couple of the guys who work/have worked there and they are all incredibly talented including Stan Borinksi who is the President of the company.

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: taloner-ga on 29 Sep 2004 00:14 PDT

As of today a major worm is more likely to infect IE users using the latest GDI+ vulnerability (which has been around for some time). http://www.k-otik.com and http://www.securiteam.com both have the advisory as well as exploit code available. FullDisclosure have a post about a worm being in the wild and I personally tested out the exploit code in a test environment. It works like a charm. Right now I am looking for the worm binary so it can be studied and dissected. Microsoft have released a patch for it so just have a look at the update section.

For the vulnerability scanners there are plenty of them around as mentioned by forgey. For the free tools I believe nessus, nmap and nikto make quite a combination and are very effective. There are live CD distributions of Linux as well which are security centric, for example local area security, knoppix-std, auditor etc. They have tons of nice lil utilities arranged with them so you might want to have a look at their tool list. For Windows I go along with retina (though the performance of retina 5.x was buggy for me), ISS, shadow security scanner, n-stealth and nmap/superscan.

Regards

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: digoff-ga on 05 Mar 2005 01:01 PST

I am going to answer your first question with some questions -- apply these to whatever the current vulnerabilities are to get your answer:

1. What vulnerability is either brain-dead to exploit or has really solid public exploit code available?
2. What vulnerability affects a large percentage (1% minimum) of servers or workstations OR is trivial to discover vulnerable servers?

The answer for today (March 5th) is easy. CGI and PHP exploits. These are simple to exploit and can be easily discovered with any internet search engine. The AWStats and other forum bugs (like phpBB) are what you should expect.
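
The two questions in the comment above, applied as a patch-triage filter over an asset inventory. This is an added example, not part of digoff-ga's post; the host names, package names, advisory names and the `patch_first` helper are constructed for illustration, and the 1% threshold is the one stated in the comment.

```python
from dataclasses import dataclass

@dataclass
class Vuln:
    name: str
    software: str         # affected package, as named in the inventory
    public_exploit: bool  # solid public exploit code is available
    trivial: bool         # exploitable with little skill
    easy_to_find: bool    # vulnerable hosts are trivial to discover

def fleet_share(software, inventory):
    """Fraction of inventoried hosts that run the affected software."""
    if not inventory:
        return 0.0
    return sum(software in pkgs for pkgs in inventory.values()) / len(inventory)

def patch_first(vulns, inventory, min_share=0.01):
    """Return (name, share) for issues passing both questions, widest exposure first."""
    queue = []
    for v in vulns:
        share = fleet_share(v.software, inventory)
        q1 = v.trivial or v.public_exploit         # question 1: easy to exploit
        q2 = share >= min_share or v.easy_to_find  # question 2: widespread or easy to locate
        if q1 and q2 and share > 0:                # ignore software we do not run
            queue.append((v.name, share))
    return sorted(queue, key=lambda item: item[1], reverse=True)

# Constructed inventory: 150 workstations, 49 database servers, 1 web server.
INVENTORY = {f"ws{i:03d}": {"desktop-os"} for i in range(150)}
INVENTORY.update({f"db{i:02d}": {"db-engine"} for i in range(49)})
INVENTORY["web01"] = {"stats-cgi"}

# Constructed advisories (hypothetical names, not real identifiers).
VULNS = [
    Vuln("db-local-race", "db-engine", False, False, False),
    Vuln("stats-cgi-injection", "stats-cgi", True, True, True),
    Vuln("desktop-parser-bug", "desktop-os", True, False, False),
    Vuln("legacy-ftp-overflow", "ftp-daemon", True, True, True),
]

if __name__ == "__main__":
    for name, share in patch_first(VULNS, INVENTORY):
        print(f"{name}: {share:.1%} of hosts")
```

The single web server falls under the 1% threshold but still makes the queue, because the second question is an OR: a rarely deployed package that is trivial to locate counts as much as a widely deployed one.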

Subject: Re: Two questions(Microsoft vulns, and penetration testing)
From: digoff-ga on 05 Mar 2005 01:03 PST

Now for the second question. There is an open-source exploit toolset called the Metasploit Framework; it includes ~55 odd exploits and tons of different payloads (bind shell, vnc injection, add user, etc). This tool can be downloaded from http://www.metasploit.com/projects/Framework/. It runs on Windows, Linux, MacOS, and just about any flavor of Unix you can find. If you find this useful, please consider donating via the web site.