Microsoft has pushed its usual security update packages for February aiming at its whole software family, including Edge. In total, it brings 57 different CVE fixes and 19 of them are Edge-specific ones that are being fixed by Google; because the current version of Edge is based on Chromium.
No critical vulnerability in the list
The security package includes fixes for several different Microsoft products such as Azure Data Explorer, Microsoft Office, Power BI, SQL Server, Visual Studio Code, Windows Kernel, Windows Win32K, and much more. Excluding Edge, the total number of CVE fixes among those products is 38. They are mostly low and medium severity vulnerabilities according to CVSS 3.1 specification. There are also 8 high severity flaws, but not a single critical flaw.
Looking at the high severity fixes, CVE-2022-23272 is rated at 7.1 by CVSS 3.1; allows users to elevate privileges in Microsoft Dynamics GP via the network. CVE-2022-23274 is also related to Dynamics GP and allows remote code execution. It has a 7.2 severity score.
CVE-2022-21984 has the highest CVSS score among the February security package with 7.7. The vulnerability allows execution of remote code on Windows DNS Server. A flaw on Microsoft SharePoint Server, which is rated at 7.0 is on the list as well, can be tracked with CVE-2022-21987. A Windows kernel elevation of privilege vulnerability, CVE-2022-21989, has a CVSS score of 7.0.
CVE-2022-21991, Visual Studio code remote development extension has a vulnerability with 7.1 severity, allowing remote code execution. CVE-2022-22005, another Microsoft SharePoint Server vulnerability allows remote code execution with a CVSS score of 7.7. Lastly, Azure Data Explorer is vulnerable to spoofing, can be found under CVE-2022-23256 with a severity score of 7.1
All of those vulnerabilities are fixed by Microsoft’s February security package. You can check Windows Update to be safe from aforementioned vulnerabilities.