Re: .NET 4.0.30319
The simple solution is a robust patching policy. One a previous employer used was
Cve 6 to 8 2 weeks to patch estate - servers, switches, firewalls, application software etc
Cve 9 or above 24 hours and you got clearance to take priority over every other planned piece of work.
That was a control in the PCI documentation, to make sure we did everything possible to secure the systems