There is a difference between security and non-security bugs. Null pointer dereferences and hangs are not security bugs. Security bugs you are supposed to report to MSRC. Non-security bugs typically have to wait until the next version of IE to be fixed.
That is assuming that it is easy to tell the difference between security and non-security bugs. Null pointer dereferences can and have been exploited to escape security sandboxes. I read about an interesting one a few years ago in Flash. Unfortunately, all I can find now are secondary sources (http://www.zdnet.com/blog/security/mark-dowds-null-pointer-d...).