The real problem is feeping creaturism
It's a stupid bug in a stupid syscall added to make webserver benchmarks look good.
The specific bug is the absence of checking on a memory address passed from a user program into the kernel.
In other words: it's caused by a combination of sloppy programming and vanity.
It says nothing about the relative security of Linux vs. Windows.
OTOH, if they'd kept Linux small and simple, like un*x used to be, instead of bloating it, this wouldn't have happened, so I suppose it says something about the security of badly- (or non-)designed systems in general.
BTW: this somewhat invalidates the OSS idea that a million eyes make for safe code: if that was so then this bug would never have made it into production.
There's no Paris Hilton angle, but there's no Jessica Biel icon (who she?): the exploit source code file was named "jessica_biel_naked_in_my_bed.c"
Aren't men sad?
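
The bug class described in the comment above (a kernel using a user-supplied address without checking it), as an added example that is not part of the original post and not kernel code. It is a user-space model: the flat `mem` array, `USER_LIMIT` and all function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: one flat array stands in for the address space.
 * Offsets below USER_LIMIT are "user" memory, the rest is "kernel". */
#define MEM_SIZE   64u
#define USER_LIMIT 32u              /* hypothetical user/kernel split */
static uint8_t mem[MEM_SIZE];
/* The missing check: [addr, addr+len) must lie wholly in user memory.
 * addr+len is never computed, so a huge len cannot wrap past the test. */
static int range_is_user(size_t addr, size_t len)
{
    return addr <= USER_LIMIT && len <= USER_LIMIT - addr;
}

/* "Before": trusts the caller-supplied destination address. */
static int put_user_unchecked(size_t addr, const void *src, size_t len)
{
    if (addr > MEM_SIZE || len > MEM_SIZE - addr)
        return -EFAULT;             /* only keeps the demo array in bounds */
    memcpy(&mem[addr], src, len);
    return 0;
}

/* "After": rejects any destination that is not entirely user memory. */
static int put_user_checked(size_t addr, const void *src, size_t len)
{
    return range_is_user(addr, len) ? put_user_unchecked(addr, src, len) : -EFAULT;
}

static void reset_mem(void)         /* zero user part, mark kernel part 0xAA */
{
    memset(mem, 0, USER_LIMIT);
    memset(mem + USER_LIMIT, 0xAA, MEM_SIZE - USER_LIMIT);
}

static int kernel_intact(void)      /* 1 if no kernel byte was overwritten */
{
    for (size_t i = USER_LIMIT; i < MEM_SIZE; i++)
        if (mem[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    const uint8_t data[4] = {1, 2, 3, 4};
    reset_mem();
    return (put_user_checked(30, data, 4) == -EFAULT && kernel_intact()) ? 0 : 1;
}
```

The range test checks the whole span rather than just the start address, so a write that begins in user memory and runs over the split is refused as well.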