11/29/17 Apple has released Security update 2017-01 to patch this defect; update your machines!
Updates with more info from 9 to 5 Mac.
Linking from iMORE.COM
Quote from Apple:
“We are working on a software update to address this issue,” an Apple spokesperson told iMore. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”