Unpatched software is another common vulnerability. For example, ransomware like older exploits, such as, CryptXXX, Locky, and the newer exploit, Sodinokibi, were distributed via exploit kits. Exploit kits target software vulnerabilities of Adobe Flash Player, Oracle Java, Internet Explorer, Microsoft Silverlight and other vulnerable applications.
If unpatched software is exploited, an exploit kit landing page can execute arbitrary code and initiate a silent drive by download. It is critical for system administrators to keep this type of software up to date as most infections dropped by Exploit Kits are known as "zero days". Zero-day threats are brand new and fully undetected by all antivirus until the threat is researched. If outdated software must be present in your environment, we recommend you download and install Microsoft's EMET to mitigate attacks. Download EMET
The information presented in this article has been taken from the Malware Prevention Guide