Jessica identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?
a. Reduced the threat
b. Reduced the vulnerability
c. Removed the threat
d. Removed the vulnerability