Only if you’re running daemons as root. Which would be an idiotic move to begin with because that’s not how distros package their services. So you’d have to intentionally make this mistake.

No.

Not quite every week, but yeah it has a lot. And if the target uses sudo at all you don't even need an exploit!

But nobody mentioned Linux. There's no need for whataboutism. They both shouldn't have these vulnerabilities.

Probably, but is that service deployed as part of the base operating system or a third party package? Can you remove the service if you deem the crazy service behaviour is unnecessary or too risky for your usecase?