
Analysis and Exploit of CSRSS Vulnerabilities based on Windows

LI Meng-zhe, WU Xue-li, ZHANG Tao, WEN Wei-ping

  • About author: School of Software and Microelectronics, Peking University, Beijing 102600; CNPC Dongfang Geophysical Exploration Co., Ltd. (BGP Inc.), Changqing, Shaanxi 710021

Abstract: With advances in technology, the Windows operating system has improved steadily. The combination of many memory protection mechanisms has made traditional buffer-overflow-based attacks far less effective. In this situation, kernel vulnerabilities can serve as the starting point for breaking through the system's line of defense; if such vulnerabilities are used by viruses and Trojans, the protection provided by security software collapses, which is a heavy blow to system security. Since the development of Microsoft Windows NT, the operating system has been designed to support a number of different subsystems, such as POSIX or OS/2. This paper opens a series of CSRSS-oriented studies aimed at describing the undocumented internals of the CSRSS mechanism. Although some excellent research has already been published in earlier articles, no thorough case study has been available until now. This paper covers both the basic ideas and their implementations, as well as the recent CSRSS changes applied in modern operating systems. In addition, from a security standpoint, the paper classifies Windows kernel vulnerabilities and presents a vulnerability research process. Following that process, the article studies a local privilege escalation vulnerability and a denial of service vulnerability in CSRSS. Through the analysis of CVE-2011-1281, it shows that use-after-free exploitation appears not only in browser vulnerabilities but also in system software.