Hello @Tanul ,
In general for all the images which gets pulled from mcr.microsoft.com repository and any pods which are under kube-system namespace - there is no action required from your end. AKS team will apply the fix for each of those vulnerabilities once the vendors release the official fix for their packages. AKS patches CVE's that have a vendor fix every week. The AKS Images will get automatically updated within 30 days.
One of the best recommended practice from your end is try to make sure to apply an updated node image on a regular cadence to ensure that the latest patched images & OS patches are all applied and update to date .
Try running: az aks update -g <> -n <> –node-image-only
Regards,
Shiva.