How many for windows? Depends, if I use your definition of always changing to explain away any issues then I could argue 0, but we know that’s not an honest answer just like OSX not being able to be attacked without the user giving up the admin password.
BTW: The slammer virus which is blamed on windows was a SQL issue and not an OS issue. Granted it was a Microsoft server, but as I’ve always said...Windows gets blamed for way more then it deserves simply because it’s easy and the users are ignorant. Many issues with windows is caused from Adobe products, but users will just blame windows.
The user would have to give an admin name and password to have it install to affect any system level operations. Even at the user level, the this article uses FUD phrasing by stating "more global" in its description of what the malware could do, if the user installed it in the user's home directory. Exactly what does "more global" mean, for-q-clinton, in reference to what could be done with a system wide installation? NOT much! In fact, very little... the user would still have to have installed the Java runtime applet to even BE vulnerable to this exploit. Do you have any idea what a small fraction of OSX users that is?
I again repeat, this is an ALREADY closed vulnerability, for the past TWO YEARS, affecting a small fraction of OSX users of older OSX Macs, and in addition, Apple has pushed out a patch fixing even THAT vulnerability within a short time of the announcement of its being found. The system now identifies it and prevents its download and/or installation. You are beating a dead horse.