Microsoft patched 133 'critical' or 'important' vulnerabilities in 2006, more than doubling the number from 2005, according to data collected by security vendor McAfee. 

Both Microsoft and McAfee pointed to a variety of factors as the cause for the rise in vulnerabilities, but none of those suggested that there is anything wrong with the quality of Microsoft's code.

Dave Marcus, security research and communications manager at McAfee, told vnunet.com that Microsoft's software was not necessarily at fault, but that the overall success of the company's products made Microsoft a popular target for an ever-expanding market for exploits and malware.

"When it comes to talking about vulnerabilities, the existence of a vulnerability in and of itself does not mean that there is an increase in risk, " said Marcus.

"The rise in critical vulnerabilities really just means a rise in discoveries; the vulnerabilities were there in the first place."

Marcus pointed out that detecting and removing every possible vulnerability in an application like Windows or Office, which can contain millions of lines of code, would be nearly impossible.

Vulnerability researchers and malware writers are focusing their bug searches on critical vulnerabilities. Because they can be exploited to install malware and spyware, they are the most useful for commercial exploitation.

"The critical vulnerability is definitely the holy grail," said Marcus.

Mark Miller, director of the Microsoft security response centre, agreed that the increased monetary value placed on the discovery and exploitation of security vulnerabilities is causing more vulnerabilities to be found.

"I think there is a rise across the industry," he said. "Microsoft's increase is relative to that."

Marcus believes that Microsoft's market domination has put it in the spotlight for security researchers and malware authors, and that less popular applications yield a smaller pool of potential victims.

"Targets of opportunity is a big deal," he said.