Wow, you *are* ignoring the sendmail and bind exploits - many of them were due to lax security rather than being coding bugs.
I'll give you that. I should have called them design or implementation deficiencies, not coding bugs. The Internet began as a really "in-house" sort of thing. They didn't anticipate that their collaborators would go out of their way to abuse what was then a shared and mostly trusted resource. The Morris Worm was pretty much a kid's white hat hacking that (oopsie) got out of control, and SMTP wasn't designed to prevent it. The Green Card Lawyers taught us how robust those systems were - jerks in the system could get anything they wanted to go through and there was little in the way of defence built into the system to stop them. Telnet, ftp, rsh all transmitted passwords en clair. "Oh, was that wrong?" Arpanet was designed to ensure communication wouldn't be disrupted. After all, they weren't expecting the Soviets to have access to any of it.
And you also seem to ignore the thriving antivirus markets that existed for the Atari, Amiga and other non-MS platforms - I wonder how MS was responsible for those!
I never had any of those, so never really cared about them. Then MS showed up so ripe for exploitation, it was a magnet for abuse. How did it work, you could name malicious.exe to malicious.exe.jpg and it would walk right past any defences (which were non-existent)? Meanwhile, MS decided users didn't need to care about file extensions (even while the OS did care), so they were hidden from the user by default. Great.
I can't believe anyone defends MS for the crap they've pulled. You should be livid about their multi-decade abuses, not to mention having had to pay them and other MS ecosystem crap purveyors for the privilege.