Abstract: With the rapid development of the global information technology, computer software has become the important engine of the world economy, science and technology, military and social development. The core of information security is attached to the security mechanism of the operating system and software vulnerabilities. Software vulnerability itself can not constitute attack, software vulnerability exploiting make the attack possible. This article is based on the Windows operating system, mainly analyzes the principles of some typical software vulnerabilities as well as the common ways to exploit software vulnerabilities, comparing them. in different environment.The article also simply analyzes the protective effect to software security and the hinder to software vulnerability exploiting of Windows security mechanisms. The article emphatically does some explorations and practices on exploiting several typical software vulnerabilities, analyzing the fragility of Windows security mechanisms by using the current popular methods of bypassing security mechanisms.