Re: Perhaps money will talk louder:
"Yes, having a vulnerability on your system without even the OPTION to fix it while you have to wait a month for the vendor to release a patch is a WONDERFUL way to manage security."
The vast majority of Microsoft vulnerabilities are not published until patched. In the case where one is and is likely to be exploited, Microsoft often release what they call Out Of Band updates.
But generally you can test and release updates on a planned schedule. If you patch everything without testing then good luck with that... And if you have to start a new test cycle every time a new patch is released on Linux then you have a much harder job patching and with version control than I do on Windows!