The IT department of Kelly's CodeLab Innovations has discovered a system vulnerability. The vulnerability has a medium likelihood of being exploited and if exploited, could lead to significant data loss. Which of the following is the MOST reasonable course of action?
A. Ignore the vulnerability until an attack occurs
B. Upgrade all software systems
C. Deploy a new firewall
D. Investigate and prioritize the vulnerability based on its potential impact on the affected hosts