I'm not a Windows fanboy or anything (Full disclosure: I use it my media center and gaming PC, everything else is Mac (laptop and desktop), BSD (NAS box, FreeNAS and pfSense at my house) and Linux (my web hosting and ssh access to my house without exposing a PC with a bunch of data on it to the open Internet).
That said, other than blind allegiance to FOSS, there is little indication that with regular updates and proper policies and procedures that later versions of Windows Server (2008, 2008 R2, 2012) are somehow defective by design or less secure than their OSS alternatives. Granted, we can't see the source code WHICH IS A MAJOR PROBLEM. However, I've used it plenty in the enterprise and it's just fine. In fact, our Linux boxes were targeted and successfully rooted (remote attacks) in my mixed-tenant datacenter more frequently than the Windows boxes, hands down. In fact I can't recall a single remote Windows attack post-2008. Lots and lots and lots of wordpress/apache/LAMP etc. exploits however.