A company has identified critical vulnerabilities in its web servers. As part of the action plan, what is the most appropriate first step the organization should take to mitigate these vulnerabilities?
Apply available patches to the affected web servers
Update the configuration management database (CMDB)
Initiate an awareness program to educate employees about the vulnerability
Implement compensating controls to reduce the risk