An operating system is only as secure as you want it to be.
Everything needs patches for bugs or security vulnerabilities: Windows, Mac OS and even Linux. The difference is how the system of identifying and patching these problems happens.
Windows is closed source, meaning that source is kept secret from everyone except the developers who work on the code itself. Some believe this can help security because crackers can't see the code. Also a single organization handles the release of patches.
Linux, on the other hand, uses a different approach entirely. Since all the code is open, anyone can read it, so it is open for peer review. This forces the programmers to be much more considerate about how they write the code, both for readability and security purposes. Anyone can submit a patch to fix a problem for open source projects. The idea is that if more eyes are looking at the code then there is more of a chance to see a problem.
The open source model I tend to think is better and faster at patching vulnerabilities (keep in mind I may be biased). I've seen vulnerabilities get patched in a matter of hours.
It also depends on the distribution you have as well. A distro with a good update tool, like RedHat, Debian and Gentoo, is easy to keep up to date.
In the end it's really the user that has to keep an updated system and lock off all unessential services. The same goes for any Windows server.
-DarkArctic