If a version of an OS is known to have security flaws, then one can assume hackers will try to exploit those security flaws. A computer that has an OS or other software that is not patched for security fixes is insecure because a hacker only has to use known exploits to compromise the system.