Arguably, MS has the largest install base and very complex code.
That lends itself to exploit. Let's not pretend that other OSes don't have vulnerabilities.
How many Unix boxes out there still have the sendmail exploit available and thats a decade old.
It's all about the Sysadmin.