Update concepts-vulnerability-management.md

miwithro · web-flow · commit 955ab6ac5b02 · 2023-03-02T10:39:43.000-05:00
diff --git a/articles/aks/concepts-vulnerability-management.md b/articles/aks/concepts-vulnerability-management.md
@@ -47,11 +47,11 @@ In addition to automated scanning, Microsoft discovers and updates vulnerabiliti
 
 ### Linux nodes
 
-Each evening, Linux nodes in AKS receive security patches through their distribution security update channel. This behavior is automatically configured, as the nodes are deployed in an AKS cluster. To minimize disruption and potential impact to running workloads, nodes aren't automatically rebooted if a security patch or kernel update requires it. For more information about how to handle node reboots, see [Apply security and kernel updates to nodes in AKS][apply-security-kernel-updates-to-aks-nodes].
+Each evening, Linux nodes in AKS receive security patches through their distribution security update channel. This behavior is automatically configured, as the nodes are deployed in an AKS cluster. To minimize disruption and potential impact to running workloads, nodes aren't automatically rebooted if a security patch or kernel update requires it. For more information about how to handle node reboots, see [Apply security and kernel updates to nodes in AKS][apply-security-kernel-updates-to-aks-nodes]. 
 
 Nightly, we apply security updates to the OS on the node, but the node image used to create nodes for your cluster remains unchanged. If a new Linux node is added to your cluster, the original image is used to create the node. This new node receives all the security and kernel updates available during the automatic assessment performed every night, but remains unpatched until all checks and restarts are complete. You can use node image upgrade to check for and update node images used by your cluster. For more information on node image upgrade, see [Azure Kubernetes Service (AKS) node image upgrade][aks-node-image-upgrade].
 
-For AKS clusters on auto upgrade channel, a *node-image* doesn't pull security updates through the unattended upgrade process. They receive security updates through the weekly node image upgrade.
+For AKS clusters on the OS auto upgrade channel, the unattended upgrade process is disabled, and the OS nodes will receive security updates through the weekly node image upgrade.
 
 ### Windows Server nodes
 
@@ -132,4 +132,4 @@ See the overview about [Upgrading Azure Kubernetes Service clusters and node poo
 [mrc-create-report]: https://aka.ms/opensource/security/create-report
 [msrc-pgp-key-page]: https://aka.ms/opensource/security/pgpkey
 [microsoft-security-response-center]: https://aka.ms/opensource/security/msrc
-[azure-bounty-program-overview]: https://www.microsoft.com/msrc/bounty-microsoft-azure
+[azure-bounty-program-overview]: https://www.microsoft.com/msrc/bounty-microsoft-azure
