MS had 46, Suse had 48, Sun had 60, etc.
You should notice that they gave you numbers but didn't enumerate the vulnerabilities. What's normally done is limit MS products to just those in the default install (usually just those that MS wrote). However, Linux and Sun includes other peoples programs on their disks. See the problem?
(Chorus)It's not which one is better, it's which one is managed worse!
If you're going to compare products, do it on a case-by-case basis. Mail client vs mail client. Browser vs. browser. Core OS vs. core OS. Exploit which takes the Internet down vs. Exploit which takes the Internet down. Ad nausium.
Any report which just spouts numbers makes me think that the source of the report suddenly has additional funding from somewhere, as we've seen this before.