Security firm Avecto said its research, titled "2016 Microsoft Vulnerabilities Study: Mitigating risk by removing user privileges", had also found that a vast majority of vulnerabilities found in Microsoft products could be mitigated by removing admin rights.
The research found that, despite its claims to being the "most secure" of Microsoft's operating systems, Windows 10 had 395 vulnerabilities in 2016, while Windows 8 and 8.1 each had 265.
The research also found that while 530 Microsoft vulnerabilities were reported — marginally up from the 524 reported in 2015 — and 189 given a critical rating, 94% could be mitigated by removing admin rights. This was up from 85% in 2015.
And, if one looked at all the Microsoft vulnerabilities reported for 2016, two-thirds could be mitigated by removing admin rights.
This is the fourth report of its kind from Avecto.
The research also found that the total number of Windows vulnerabilities reported had gone up by 63% from 2013 to 2016.
Avecto found that 416 vulnerabilities had been reported across Windows Vista, Windows 7, Windows RT, Windows 8/8.1 and Windows 10 in 2016, compared to 433 in 2015 and 300 in 2014.
"Remote Code Execution (RCE) vulnerabilities account for the largest proportion of total Microsoft vulnerabilities. Of these, 70% were classed as Critical. Almost 90% of total RCE vulnerabilities and 94% of Critical RCE vulnerabilities could be mitigated by removal of admin rights," the report said.