How would you approach a situation where a critical vulnerability was discovered in a deployed application?