Publication Date: 2023/11/14 11:30 AM PDT
AWS is aware of CVE-2023-5528, an issue in Kubernetes. Amazon EKS optimized Windows AMIs are not affected by the issue because the Kubernetes local-storage storage class type is disabled on EKS Windows AMI.
As a security best practice, we recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Please refer to the EKS documentation to replace your existing instances with your self-managing worker nodes with the new AMI version.
Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.