What is your strategy for handling a security issue that affects a critical production system with no easy maintenance window?