I have to disagree here as I've seem many systems with exploited holes
that only ever ran MS software due to the organisation being totally MS centric. Windows, MS Office, Outlook, MS Internet Explorer, MS Defender, Windows Server, etc - their accounts were outsourced and that company only ever sent over printed reports. All software within the organisation had to be Microsoft or you couldn't load it on a company system. yet they had one of the highest infection rates I've ever seen in a corporate environment, especially for an organisation of 23 people.
Keep Up with TechRepublic