A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs. Microsoft products are far and away the most requested and most sold exploits. Researchers tracked the exploits that were sold and requested on more than 600 underground forums over a year. Researchers found that the average price for exploits that threat actors were willing to pay was $2,000. The average time to patch an internet-facing system is 71 days: a lot of time for attackers to do some damage.
Source: https://threatpost.com/top-microsoft-adobe-exploits-list/166241/