Update patches

The following compliance document requires that there are less than 10 unapplied patches with severity rating Critical, and the elapsed time since the oldest unapplied critical patch is less than 30 days.

<BESClientComplianceDocument Version="1.0">
	<ComplianceItem>
		<Designator>NumCritical</Designator>
		<Expression>
			10 > number of relevant fixlets whose 
			(value of header "x-fixlet-source-severity" of 
			it as lowercase = "critical") of sites
		</Expression>
		<Description>
			Total # of critical patches must be < 10
		</Description>
		<Comment>Compliant if True</Comment>
	</ComplianceItem>
<ComplianceItem>
	<Designator>MaxPatchAge</Designator>
	<Expression>
		if (exists relevant fixlet whose ((value of header "X-Fixlet-Source-Severity" of it 
			as lowercase = "critical") AND (value of header "X-Fixlet-Source-Release-Date" 
			of it does not contain "Unspecified")) of sites "bessecurity") 
			then ((30 > ((it - 1) of maximum of ((preceding texts of firsts " day" 
			of ((now + 1*day - it) as string) as integer) 
			of ((((it as string & " 00:00:00 -0700") 
			of ((value of header "X-Fixlet-Source-Release-Date" of it) of relevant fixlets 
			whose ((value of header "x-fixlet-source-severity" of it as lowercase = "critical") 
			AND (value of header "X-Fixlet-Source-Release-Date" of it 
			does not contain "Unspecified")) of sites)) as time))))) as string) else "True"
	</Expression>
	<Description>
		Elapsed time since the oldest unapplied critical patch 
		is less than 30 day(s)
	</Description>
	<Comment>Compliant if True</Comment>
</ComplianceItem>
</BESClientComplianceDocument>