Merge pull request #229272 from miwithro/patch-223

Update concepts-vulnerability-management.md

Author: prmerger-automator[bot]

articles/aks/concepts-vulnerability-management.md

@@ -3,7 +3,7 @@ title: Vulnerability management for Azure Kubernetes Service
 titleSuffix: Azure Kubernetes Service
 description: Learn how Microsoft manages security vulnerabilities for Azure Kubernetes Service (AKS) clusters.
 ms.topic: conceptual
-ms.date: 02/24/2023
+ms.date: 03/02/2023
 
 ---
 
@@ -47,11 +47,11 @@ In addition to automated scanning, Microsoft discovers and updates vulnerabiliti
 
 ### Linux nodes
 
-Each evening, Linux nodes in AKS receive security patches through their distribution security update channel. This behavior is automatically configured, as the nodes are deployed in an AKS cluster. To minimize disruption and potential impact to running workloads, nodes aren't automatically rebooted if a security patch or kernel update requires it. For more information about how to handle node reboots, see [Apply security and kernel updates to nodes in AKS][apply-security-kernel-updates-to-aks-nodes].
+Each evening, Linux nodes in AKS receive security patches through their distribution security update channel. This behavior is automatically configured, as the nodes are deployed in an AKS cluster. To minimize disruption and potential impact to running workloads, nodes aren't automatically rebooted if a security patch or kernel update requires it. For more information about how to handle node reboots, see [Apply security and kernel updates to nodes in AKS][apply-security-kernel-updates-to-aks-nodes]. 
 
 Nightly, we apply security updates to the OS on the node, but the node image used to create nodes for your cluster remains unchanged. If a new Linux node is added to your cluster, the original image is used to create the node. This new node receives all the security and kernel updates available during the automatic assessment performed every night, but remains unpatched until all checks and restarts are complete. You can use node image upgrade to check for and update node images used by your cluster. For more information on node image upgrade, see [Azure Kubernetes Service (AKS) node image upgrade][aks-node-image-upgrade].
 
-For AKS clusters on auto upgrade channel, a *node-image* doesn't pull security updates through the unattended upgrade process. They receive security updates through the weekly node image upgrade.
+For AKS clusters on the [OS auto upgrade](https://learn.microsoft.com/azure/aks/auto-upgrade-node-image) channel, the unattended upgrade process is disabled, and the OS nodes will receive security updates through the weekly node image upgrade.
 
 ### Windows Server nodes
 
@@ -84,7 +84,7 @@ Microsoft's goal is to mitigate detected vulnerabilities within a time period ap
 
 ## How vulnerabilities and updates are communicated
 
-In general, Microsoft doesn't broadly communicate the release of new patch versions for AKS. However, Microsoft constantly monitors and validates available CVE patches to support them in AKS in a timely manner. If a critical patch is found or user action is required, Microsoft [notifies you to upgrade to the newly available patch][aks-cve-feed].
+In general, Microsoft doesn't broadly communicate the release of new patch versions for AKS. However, Microsoft constantly monitors and validates available CVE patches to support them in AKS in a timely manner. If a critical patch is found or user action is required, Microsoft [posts and update on github][aks-cve-feed].
 
 ## Security Reporting
 
@@ -132,4 +132,4 @@ See the overview about [Upgrading Azure Kubernetes Service clusters and node poo
 [mrc-create-report]: https://aka.ms/opensource/security/create-report
 [msrc-pgp-key-page]: https://aka.ms/opensource/security/pgpkey
 [microsoft-security-response-center]: https://aka.ms/opensource/security/msrc
-[azure-bounty-program-overview]: https://www.microsoft.com/msrc/bounty-microsoft-azure
+[azure-bounty-program-overview]: https://www.microsoft.com/msrc/bounty-microsoft-azure