The operating system (OS) is, in fact, software. There are many different software components in the OS that are susceptible to flaws and Microsoft's dominance in the IT world has made them a convenient target for security attacks. As security fixes have progressed, it has become increasingly difficult to find new flaws in the OS components and relatively easy to find software vulnerabilities in other applications.
As hackers have done their own cost effective calculations, they have begun to target non-OS software components. Therefore, today we are seeing a large increase in vulnerabilities found in other software applications.