A company has identified critical vulnerabilities in its web servers. As part of the action plan, what is the most appropriate first step the organization should take to mitigate these vulnerabilities?
Implement compensating controls to reduce the risk
Update the configuration management database (CMDB)
Apply available patches to the affected web servers
Initiate an awareness program to educate employees about the vulnerability