
During the same period, vendors such as Red Hat, Apple and Novell have had to patch hundreds of vulnerabilities, according to Microsoft.
Jones released a similar report in June chronicling vulnerabilities reported in major operating systems during the first 90 days after release.
The latest report does not give exact figures, only graphs, but the data appears to be accurate.
A tally of this year's security bulletins by www.vnunet.com found 43 flaws in Windows XP that had been patched, similar to Jones's estimates. In contrast, Apple's last security update alone patched 45 flaws in OS X.
Applications not installed by default, such as Microsoft Office, were not counted.
Red Hat Enterprise Linux 4 Workstation and Ubuntu Linux topped the list with roughly 170 and 150 vulnerabilities patched respectively. Red Hat's Enterprise Linux Desktop 5 received around 130 vulnerability fixes, according to Jones.
Jones's enterprise figures painted a similar picture, showing fewer than 40 fixes for Windows Server 2003, while Red Hat Enterprise Linux 4 Server had more than 100 vulnerabilities patched and Novell's SuSE Linux Enterprise server had roughly 70.
The study only takes into account vulnerabilities patched by the vendor, and does not record such things as current zero-day flaws.
The report also does not mention vulnerabilities that were or are currently being actively exploited, an area where Microsoft continues to be far more prone than its competitors.