Data collected by a Microsoft security researcher suggests that the company had
to patch far fewer software vulnerabilities than competing vendors in 2007.
A vulnerability report maintained by Jeff Jones, strategy director at
Microsoft's Security Technology Unit, claimed that the firm's Windows XP, Vista
and Server operating systems required patches for some 20-45 vulnerabilities
each.
During the same period, vendors such as Red Hat, Apple and Novell have had to
patch hundreds of vulnerabilities, according to Microsoft.
Jones released a similar report in June chronicling vulnerabilities reported in
major operating systems during the first 90 days after release.
The latest report does not give exact figures, only graphs, but the data
appears to be accurate.
A tally of this year's security bulletins by vnunet.com found 43 flaws in
Windows XP that had been patched, similar to Jones's estimates. In contrast,
Apple's last security update alone patched 45 flaws in OS X.
Applications not installed by default, such as Microsoft Office, were not
counted.
Red Hat Enterprise Linux 4 Workstation and Ubuntu Linux topped the list with
roughly 170 and 150 vulnerabilities patched respectively. Red Hat's Enterprise
Linux Desktop 5 received around 130 vulnerability fixes, according to Jones.
Jones's enterprise figures painted a similar picture, showing fewer than 40
fixes for Windows Server 2003, while Red Hat Enterprise Linux 4 Server had more
than 100 vulnerabilities patched and Novell's SuSE Linux Enterprise server had
roughly 70.
The study only takes into account vulnerabilities patched by the vendor, and
does not record such things as current zero-day flaws.
The report also does not mention vulnerabilities that were or are currently
being actively exploited, an area where Microsoft continues to be far more prone
than its competitors.