How specifically do attacks which target outdated software on a windows device, e.g. something assigned to an employee for daily duties such as a laptop/desktop, actually occur? Do they always require some form of user mistake, or does the very fact the software is outdated pose a problem regardless of tricking a user into some form of action?
I was thinking of things such as iTunes/adobe/java/none MS browsers as was suggested in another post as some of the higher risk 3rd party apps in terms of targets for hackers. I was just trying to identify some scenarios where those kinds of things could be exploited perhaps from someone external to the company.