It’s going to be tough to write a query that perfectly captures vulns with a patch OS solution, since I don’t think any of the fields we have to work with will 100% convey that. But you can narrow things down with the “PATCH” and “ROLLUP” solution types, and then filter based on vuln categories that are OS-specific. Here’s an example query with that filtering.
SELECT dv.vulnerability_id, dv.title AS vuln, dvc.category_name,
ds.solution_type, ds.summary AS solution
FROM dim_vulnerability dv
JOIN dim_vulnerability_category dvc USING (vulnerability_id)
JOIN asset_vulnerability_best_solution avbs USING (vulnerability_id)
JOIN dim_solution ds USING (solution_id)
WHERE (dvc.category_name = 'Microsoft Windows')
AND (ds.solution_type = 'PATCH' OR ds.solution_type = 'ROLLUP')
GROUP BY dv.vulnerability_id, dv.title, dvc.category_name,
ds.solution_type, ds.summary