Vulnerability scanners generally take one of two approaches to discovering security holes: nonintrusive or intrusive scanning. Nonintrusive methods generally include a simple scan of the target system's attributes (e.g., inspecting the file system for specific files or file versions, checking the registry for specific values, scanning for missing security updates, port scanning to discover which services are listening). Intrusive scanning actually tries to exploit the vulnerabilities the scanner is looking for. Several products use varying levels of intrusive scanning and let you pick an increasing or decreasing level of intrusiveness. Always be wary when scanning production computers, lest a scan's successful exploit accidentally takes down the target system.
