What classes of vulnerabilities are you referring to that are likely to show up in a microkernel-based design but not in a monolithic one? Do you think adding those classes of vulnerabilities to the picture will result in more, about the same, or fewer critical security issues between the systems overall, and why? Please be specific.

True but in the case of windows gdi has been a never ending pinata of critical bugs.