A vendor normally releases security patches for its operating system on a monthly basis. An administrator receives an email from the vendor that says the vendor has published a patch for a zero-day flaw in its operating system outside of the normal patch schedule. Which of the following actions should the administrator take first in order to properly address this issue in a production environment?

Delaying the patch for a zero-day flaw until the next scheduled monthly release exposes the organization to potential security risks. Zero-day vulnerabilities can be actively exploited by attackers, so immediate action is necessary rather than waiting for the routine update cycle.

Deploying the patch immediately across all systems without prior testing may lead to unforeseen compatibility issues or system failures. A rushed deployment can disrupt business operations, emphasizing the importance of validating the patch in a controlled setting first.

While it is important to consider the stability of the production environment, simply delaying the deployment without testing does not address the critical security issue posed by the zero-day flaw. A proactive approach, including initial testing, is essential to balance security needs with operational integrity.