You would think a security firm would be running an all-Linux system.
True.
But most of their customers are on Windows, so I expect they must run Windows boxes for research, development, and testing.
Why Linux had a ton of vulnerabilities throughout the year..
Just like all OSes.
It wouldn't make a difference in the case of this hack.
The Chinese corporation Foxconn had digital certificates stolen...presumably. The Duqu 2.0 software nasty was signed using legit digital certificates issued to Foxconn, whose customers include Microsoft, Dell, Google, BlackBerry, Amazon, Apple, and Sony.
Thus, the operating system will happily load and run the Foxconn-signed Duqu 2.0's 64-bit kernel-level driver without setting off any alarms.
You would think a security company would know better than to open suspicious Word documents. This has nothing to do with the operating system. PEOPLE are the weakest security link in EVERY organization. Linux is consistently the first OS hacked in Black Hat events.