Another race condition leading to NULL ptr dereference. Please note: this is completely different vulnerability than 6.4 one. It affects 7.x up to 7.2 and 6.x up to 6.4. It's going to be handled by security team soon.
Video Demo: vimeo.com
There no workarounds for any of these bugs.
I have written exploit codes for all of above, but they are private, and I won't give them to the blackhat community. Exploits will be published at least a week after official security advisory.
The last thing to mention: I received a lot of criticism after article in The Register. Please read some facts. I send few mails: on 29th Aug to security team, on 2nd Sep and 11th Sep directly to the security officer. None of them were responded until 14th September, when the article was out. I haven't published nothing more than a video, as it would made easier to develop independently working exploit. I belive, that this is the only responsible way to handle such security threat. Thanks to The Reg article, system administrators are now aware of threat and can take some countermeasures, like disabling untrusted user accounts, before official patch is available.