Publication Date: 2023/08/23 10:00 AM PDT

AWS is aware of three security issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) in Kubernetes that affect Amazon EKS customers with Windows EC2 nodes in their clusters. These issues do not affect any Kubernetes control plane or the service itself, nor do these issues permit cross-customer impact. Updated Amazon EKS Windows AMIs are now available for Kubernetes versions 1.23 through 1.27 that include patched builds of kubelet and csi-proxy. We recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version.

Customers using Managed node groups can refer to the EKS Documentation for instructions on upgrading their node groups. Customers self-managing worker nodes should replace existing instances with the new AMI version by referring to the EKS documentation.

Kubernetes Minor Version AMI Release Version Kubelet Version
v1.23 1.23-2023.08.17 v1.23.17-eks-8ccc7ba
v1.24 1.24-2023.08.17 v1.24.16-eks-8ccc7ba
v1.25 1.25-2023.08.17 v1.25.12-eks-8ccc7ba
v1.26 1.26-2023.08.17 v1.26.7-eks-8ccc7ba
v1.27 1.27-2023.08.17 v1.27.4-eks-8ccc7ba

If you have questions or concerns about these updates, please reach out to AWS Support. Security-related questions or concerns can be brought to our attention via