You have to be super duper "leet" as you put it :)

General rule: If its a microshaft product, it has problems....some are worse than others, and although it is not generally acceptable in many forms to do so (always read ToS before you do this) I took the software apart and studied the code, coding since I was young I've spent many years in a few languages that I feel are critical if you wish to learn security, take things apart, and write patches... those are C/C++, assembly, and VB - the rest will fall into place. 0versight had a valid point, learning the OS to the point where you can navigate through the registry without any hesitation is a good start. a good start to C/C++ for newbies is TICPP+ and you can download the book + code examples in many places on the net free of charge.

I won't speak on any matter with authority, but understanding basic programming concepts and examining the source code of programs is always a good start. There are some fairly common exploits made from programs that do not manage and limit their memory properly. Programs that overrun the boundaries of a malloc() memory allocation, touches a memory allocation that has been released by free(), or attempts to read/write to an inaccessible pages resulting in segmentation faults are generally offensive programs that could result in a compromised security of your system. There are several memory debugging tools available that will help you detect these scenarios.

Patching is most often simply modifying the ill-designed routine to correct the offensive behavior and recompiling.

As far as windows systems go, an in-depth understanding of system debugging tools like IDA or SoftIce combined with a working knowledge of PE structure, assembler, and hex editing is required to modify routines of an offensive software application resulting in a binary rewrite of the executable.