1. Installing a vendor-released software update to remove the vulnerability from the system
2. Dividing the network into isolated zones so that exploitation of one system cannot freely reach the rest
3. Disabling a vulnerable service or restricting access to it as a temporary measure until the patch can be deployed
4. A formally approved committee decision to leave a vulnerability unremediated because patching is not currently feasible