In my opinion it is an indirect threat that is obtained during the first step in an attack, information gathering.
Know what you're dealing with, from an attacker's perspective, helps you prepare a successful attack. The more information obtained during the information gathering process, the more likely it is for an attack to succeed.
It is quit hard, especially for larger organisations, to avoid disclosing this type of information. An example is the human resource department that is instructed to hire technical people. Searching for job opportunities at your target company generally reveals specific details about the infrastructure or used operating system(s).
Having said that, it is import to properly secure your network (network segregation), harden your operating system(s) and have proper policies and procedures in place. When this is considered sufficiently done, an attacker that only knows the operating system should not be a big deal.
Ultimately, the attacker will determine what operating systems are used anyway, just not in the information gathering process.