Office Zero-Day Exploited + July Pricing Changes Confirmed
CVE-2026-21509 is being actively exploited in the wild — Office 2016/2019 users need to patch manually. M365 price increases (5-8%) are locked in for July 1. Copilot's PowerPoint Agent Mode is rolling out, and security experts say runtime monitoring is now essential. Here's what IT admins need to know.
📋 TL;DR — What You Need to Know
- 🚨 Patch now: Office zero-day (CVE-2026-21509) actively exploited — Office 2016/2019 requires manual update
- 💰 Budget alert: M365 price increases (5-8%) confirmed for July 1 — lock in renewals now
- 🤖 Copilot news: PowerPoint Agent Mode rolling out (autonomous presentation creation)
- 🔐 Security shift: Traditional config-based security isn't enough — runtime monitoring now essential for Copilot
- 📊 Roadmap activity: 84 items changed, 47 new features added in Week 7
🔴 Office Zero-Day Under Active Exploitation (CVE-2026-21509)
Microsoft patched a high-severity vulnerability (CVSS 7.8) that attackers are already using in the wild. The flaw bypasses OLE mitigations in Microsoft 365 and Office, allowing compromise through malicious Office documents.
| Affected Products | Status |
|---|---|
| Office 2016/2019 | ⚠️ Manual update required |
| Office LTSC 2021/2024 | ✅ Auto-protected (restart apps) |
| M365 Apps for Enterprise | ✅ Auto-protected (restart apps) |
🟠 Microsoft 365 Pricing Changes — July 1, 2026
Microsoft confirmed pricing updates across most M365 plans:
| SKU | Change |
|---|---|
| Business Basic/Standard | 5-8% increase |
| Enterprise E3/E5 | 5-8% increase |
| Government G3/G5 | +$3-$3.90/user/mo (~8%) |
| Business Premium | ✅ No increase |
| Office 365 E1 | ✅ No increase |
New bundled features include Intune Suite for E3/E5, advanced email protections, and baseline Copilot AI capabilities.
🤖 Copilot PowerPoint Agent Mode Now Rolling Out
Microsoft is deploying a new agentic capability that allows PowerPoint to autonomously build presentations by pulling content from SharePoint, OneDrive, emails, and Teams chats. Rollout continues through June 2026.
This marks a shift from "assisted editing" to "autonomous creation" — expect user training needs around data governance and output review.
🔐 Copilot Security Architecture: Runtime Monitoring Now Essential
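Security Boulevard published an analysis of Copilot's runtime security challenges. Key insight: traditional configuration-based security is insufficient for Copilot's dynamic retrieval-augmented generation (RAG) behavior, because the documents that shape a response are selected at query time.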
Organizations need runtime monitoring to track which documents are influencing AI responses. This is a significant shift in security posture for enterprises deploying Copilot at scale.
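One way to reason about "which documents are influencing AI responses" is to aggregate grounding sources per response. The Python below is an added example, not code from Microsoft or Security Boulevard; the log schema (`response_id`, `user`, `sources[].path`, `sources[].label`), the sample records, and the fan-out threshold are all assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample log, one JSON record per AI response. The schema
# (response_id, user, sources[].path, sources[].label) is hypothetical.
SAMPLE_LOG = """\
{"response_id": "r1", "user": "alice", "sources": [{"path": "/sites/hr/salaries.xlsx", "label": "Confidential"}]}
{"response_id": "r2", "user": "bob", "sources": [{"path": "/sites/hr/salaries.xlsx", "label": "Confidential"}, {"path": "/sites/mkt/brand.pptx", "label": "General"}]}
{"response_id": "r3", "user": "carol", "sources": [{"path": "/sites/mkt/brand.pptx", "label": "General"}]}
{"response_id": "r4", "user": "bob", "sources": []}
not-json-line
"""

def parse_events(text):
    """Return (events, skipped): well-formed records and a count of bad lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            rec["response_id"], rec["user"], rec["sources"]  # required keys
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # a monitoring gap worth alerting on by itself
            continue
        events.append(rec)
    return events, skipped

def document_influence(events):
    """Map each source document to the responses and users it influenced."""
    stats = defaultdict(lambda: {"label": None, "responses": set(), "users": set()})
    for ev in events:
        for src in ev["sources"]:
            entry = stats[src["path"]]
            entry["label"] = src.get("label")
            entry["responses"].add(ev["response_id"])
            entry["users"].add(ev["user"])
    return dict(stats)

def flag_documents(stats, sensitive_labels, max_users):
    """Flag sensitive documents whose content reached more users than expected."""
    return sorted(path for path, s in stats.items()
                  if s["label"] in sensitive_labels and len(s["users"]) > max_users)

if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    stats = document_influence(events)
    for path, s in sorted(stats.items()):
        print(path, s["label"], len(s["responses"]), sorted(s["users"]))
    print("flagged:", flag_documents(stats, {"Confidential"}, max_users=1))
    print("skipped lines:", skipped)
```

In a real deployment the records would come from whatever interaction or audit export your tenant provides, mapped onto these fields.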
⚡ Quick Hits
- Intune In Development (Feb 2026): Updated feature roadmap released for IT planning → aka.ms/Intune_InDevelopment
- M365 Roadmap Week 7: 84 roadmap items changed, 47 new items added, 17 Message Center items changed, 16 new Message Center items added
- Copilot Adoption: 15M paid seats (160% YoY growth), representing ~3.3% of M365/Office user base
✅ Admin Action Items
- 🔴 Critical: Patch Office 2016/2019 for CVE-2026-21509 — immediate
- 🔴 Critical: Restart M365 Apps post-update — this week
- 🟠 High: Review M365 renewal pricing; lock in before July 1 — before Q2 renewals
- 🟠 High: Assess Copilot runtime monitoring needs — Q1 2026
- 🟡 Medium: Review Intune In Development roadmap — before March planning
📅 Key Dates
| Date | Event |
|---|---|
| Feb 11 | Patch Tuesday — Apply zero-day fixes |
| Apr 1, 2026 | CSP grace period ends; EST begins |
| Jun 2026 | Secure Boot 2011 certificates expire |
| Jul 1, 2026 | M365 price increases effective |
🔥 The Bottom Line
This week's message is clear: patch, plan, and prepare. The Office zero-day requires immediate attention, while the July pricing changes give you time to optimize renewals. Copilot continues its march toward autonomous capabilities — organizations should start planning governance frameworks now.
Questions? Need help assessing your environment?
Fireside Cloud Solutions can help you prioritize your patching schedule, review your licensing agreements, and plan for Copilot governance. We're here to help.