Vista will be hacked in under 15 minutes, without any operator at the keyboard. There’s multiple TCP/IP stack exploits where a remote hacker can take over the machine.
Note that the Mac bug exploit required the user’s intervention to occur - the user had to go to a compromised web page first. If the Mac was just sitting there unattended, nothing would have happened.
Vista (and ALL other MS OSes) are not so lucky.
Secunia doesn’t list Vista as having any unpatched vulnerabilities. Of the unpatched Mac vulnerabilities, none involve system access (only DoS and privilege escalation). These contests involve fully patched and protected machines, not out-of-the-box installations.
I’d suspect the choice of which to attack depends on the Linux build they’re offering. If the attacker can select, I’d guess they’d go with an easier target like Red Hat.