Company should just take down the whole thing. One vuln might be fixed but how many others might be there.