3 Critical Office RCEs + Copilot Wave 3: What to Know Now
March Patch Tuesday drops 83 vulnerabilities including three critical Office RCE flaws โ one of which weaponizes Copilot Agent Mode for zero-click data exfiltration. Meanwhile, Copilot Wave 3 is here with a new E7 tier at $99/user and Secure Boot deadlines are approaching.
๐ TL;DR โ What You Need to Know
- ๐ด PATCH NOW: March Patch Tuesday fixes 83 vulnerabilities โ 3 critical Office RCE flaws including one that lets attackers weaponize Copilot Agent Mode
- ๐ Copilot Wave 3 is here: New "Copilot Cowork" brings agentic AI that executes multi-step tasks autonomously across Office apps
- ๐ฐ New pricing tier: E7 bundle at $99/user/month combines M365 apps with full Copilot capabilities
- โฐ Deadline alert: Secure Boot certificate updates required by June 2026 โ start patching now
- โ ๏ธ Service disruption: M365/Outlook outage on March 16 appears resolved but stay alert
๐ด Patch Tuesday: 3 Office RCE Vulnerabilities Require Immediate Action
Microsoft's March 2026 security update addresses 83 total vulnerabilities, but three deserve your urgent attention:
| CVE | CVSS | Impact |
|---|---|---|
| CVE-2026-26110 | 8.4 | Office RCE via type confusion โ preview pane is attack vector |
| CVE-2026-26113 | 8.4 | Office RCE via untrusted pointer dereference |
| CVE-2026-26144 | 7.5 | Excel XSS that exfiltrates data via Copilot Agent Mode โ zero-click |
Affected systems: M365 Apps for Enterprise, SharePoint Server 2016/2019/SE
๐ก Copilot Wave 3 & Copilot Cowork Launch
Microsoft rolled out Wave 3 of M365 Copilot on March 9, introducing a significant leap in AI capabilities:
- Copilot Cowork: A new agentic AI mode that executes multi-step tasks autonomously across Word, Excel, PowerPoint, and Outlook โ built on Anthropic's Claude
- Native embedding: Copilot is now built directly into Office apps rather than running as a sidebar companion
- New E7 tier: $99/user/month bundling M365 apps with full Copilot capabilities
- Enhanced SharePoint grounding: Agents can now draw from broader organizational knowledge
Teams Rooms Features Expand to Government Clouds
Good news for GCC, GCC High, and DoD customers โ key Teams Rooms capabilities are arriving:
- Chat for organizers in structured meetings and webinars
- Enhanced issue detection with auto-remediation (Rooms Pro)
- Improved @mentions copy/paste support
Secure Boot Certificate Deadline: June 2026
Organizations must apply February + March 2026 cumulative updates to Windows endpoints before the June deadline. This isn't optional โ devices without the updated certificates will have boot issues after the cutoff.
โก Quick Hits
- M365 Roadmap Week 11: 79 items changed, 25 new items added โ primary focus on Teams and government cloud parity
- Surface Pro 11 Firmware: Business-focused update addresses touchscreen responsiveness and accessory compatibility bugs
- SharePoint Turns 25: Microsoft published an anniversary retrospective tracing SharePoint's evolution from knowledge-sharing tool to AI-era platform foundation
- Service Advisory: Outlook/M365 login issues reported on March 16 (~10:48 AM BST) โ appears resolved, but monitor for recurrence
โ Admin Action Items
| Priority | Action | Deadline |
|---|---|---|
| ๐ด Critical | Deploy March security updates for M365 Apps | ASAP |
| ๐ด Critical | Patch SharePoint Server 2016/2019/SE | ASAP |
| ๐ก High | Plan Secure Boot certificate update deployment | Before June 2026 |
| ๐ก High | Review Copilot Wave 3 features & E7 licensing options | This quarter |
| ๐ต Normal | Update Teams Rooms in GCC environments | Per change management |
๐ฅ The Bottom Line
Another week, another batch of critical patches โ such is the rhythm of M365 administration. The CVE-2026-26144 vulnerability is a stark reminder that as AI capabilities expand, so do attack surfaces. Copilot Agent Mode is powerful, but that power needs to be secured.
On the brighter side, Wave 3 represents a genuine step-change in how AI integrates with productivity tools. If your organization is still on the fence about Copilot, the new E7 tier might be the push you need โ or at least a conversation worth having with finance.
Stay ahead. Stay informed. ๐ฅ
Questions about patching or Copilot licensing?
Fireside Cloud Solutions helps organizations navigate security updates and AI adoption. Let's talk about your roadmap.
Schedule a Free Consultation โThe M365 Pulse is published weekly by Fireside Cloud Solutions. Next edition: March 24, 2026.