So no, stuff like this is not thoroughly tested just because MSFT.
True, it is more thoroughly tested because Windows runs on 88% of desktop/laptop PCs and is therefore the primary target for most security researchers and hackers. As I said, it's about the numbers, not the vendor or ideological purity.
Personally, I find Linux far easier to compromise cf. Windows precisely because it is FOSS. I recently modified and rebuilt SSH to log the passwords attackers use against my servers. I could have made it do anything of course, including building in a hard-coded back door. Much harder to do that with a closed source OS. Now you, being intimately familiar with GNU/Linux source code, might notice that I had done that - but would your average user? I doubt it.
autoplay isn't autorun btw. This attack couldn't work via Windows autoplay functions. If you know different, I'm sure the NSA will be in touch with a suitable cheque ;)