How do you prioritize vulnerabilities when a critical patch requires taking a high-availability system offline?