All posts by Keumars Afifi-Sabet

Salesforce’s $28bn Slack acquisition: What’s next for workplace collaboration?

Keumars Afifi-Sabet

22 Jul, 2021

Despite the eye-watering $27.7 billion (roughly £20.2 billion) fee involved, nobody raised an eyebrow at Salesforce’s acquisition of the workplace collaboration platform Slack in December 2020. Workplace collaboration is all the rage – especially following the pandemic – with several entities hoping to capitalise on the changing world of work, including Microsoft Teams, Facebook Workplace, and even Citrix, with its multi-billion-dollar Wrike acquisition.

Slack has long been one of the biggest names on the scene, although its early dominance was dwarfed by the emergence of Teams, which surged in popularity thanks to its capacity to tap into the ubiquity of Microsoft products.

With US antitrust regulators clearing the $27.7 billion deal this week – one of the biggest acquisitions in tech history – Salesforce is now free to position Slack as a much stronger challenger.

The CRM giant will also have been buoyed by a 36% surge in year-on-year revenue for the first quarter of the year, with Slack adding 13,000 more paid customers too, taking its total to 169,000. With late-2020 stagnation firmly in the rearview mirror, this is the sort of momentum Salesforce hopes to build on, as it eyes up expanding on cross-business collaboration and undergoing a fundamental rewiring of the nature of work.

Better connected

There were fears in December that Salesforce muscling its way into operations would spell the end for Slack as we knew it. Much of Salesforce’s rhetoric over subsequent months, however, seemed to align well with Slack’s existing plans; namely devising a means to replace email entirely in light of a longstanding antagonism to the legacy system.

Launched last June, Slack Connect is a way for organisations to add up to 20 others into a single Slack channel, allowing businesses to migrate supply chains and external ecosystems into a single hub. It was seen as a smart move – after all, what more proof might you need that you’re onto something when Microsoft Teams launches an effective carbon copy feature? Salesforce sees this tool as the foundation for building on its vision for a ‘digital HQ’ that allows businesses to collaborate across the virtual borders traditionally established between companies.

“We couldn’t be more excited to have Slack as part of the Salesforce family, combining the #1 CRM and the trailblazing digital platform for the work anywhere world,” Marc Benioff, chair and CEO of Salesforce, said after the deal cleared. “Together we’ll define the future of enterprise software, creating the digital HQ that enables every organisation to deliver customer and employee success from anywhere.”

Stewart Butterfield, CEO and co-founder of Slack, and Salesforce president Bret Taylor added in an interview with Reuters that this merger is an opportunity to connect customers to smoothen the process of making business deals. Slack channels, for example, can be recreated to replace all emails, phone calls, and video conferences that might otherwise occur between, say, a sales team doing a deal with a procurement team at another company. Slack’s growing list of integrations also means that documents from third-party platforms such as Google Drive can be signed with services like DocuSign.

Reimagining the workplace

With this acquisition closing, Salesforce has been keen to push the idea of a ‘digital HQ’, which is very much an idea born of the effects of the COVID-19 pandemic. Companies across the world, the firm says, have learned that surviving as a business is incredibly challenging without means to connect with employees, customers, and partners through digital channels. As such, headquarters are no longer physical locations and are instead mostly based in the cloud, with every industry adjusting to a digital-first environment.

Alluding to the fundamental changes we’ve seen throughout the last few months, Butterfield, who will continue to lead Slack, sees the acquisition as “a once-in-a-generation opportunity to rethink and reshape everything about how and where we work”. The merger, the firm adds, will create a business operating system for whatever this new world of work is.

Although Salesforce says it’s committed to Slack’s roadmap and vision, with the platform continuing to operate under its own brand, the firm has suggested it will integrate Slack into its Customer 360 platform. Launched in 2018, this tool gives companies the capacity to connect Salesforce apps and create unified customer IDs to build a single view of the customer. It was built on the technology of a previous acquisition, MuleSoft, to allow companies to connect apps, data sources, and devices across any cloud service or on-premise server. Every Salesforce Cloud and industry-specific platform will now be deeply integrated with Slack, with the platform serving as the new interface for Customer 360.

Integrations remain a priority

Part of Salesforce’s mission to make the digital workplace more accessible also involves expanding the integrations and interoperability in Slack. Speaking to Reuters, Butterfield added Slack will continue to integrate with Microsoft, despite an intense rivalry, because that sits in line with the goal of making it easier for employees to get things done.

“What customers want is interoperability. They don’t want to have to make hard choices,” he added. “We’ll integrate with everyone – Microsoft and Salesforce, of course, but also ServiceNow and Workday, and more or less anyone you can think of.”

Given the expansion of remote working, changing workplace culture, as well as digitisation of the workplace, this could be one of the most important acquisitions in tech history in terms of its timing. This period is very much seen as a fresh start for defining the nature of work, and what the workplace means, although it’s not clear how things will settle once the pandemic is well and truly over and businesses embark on their next, more stable, chapter.

For all this talk about reimagining the workplace, a cross-industry disinclination to define what this actually means suggests it’s still very much an unknown quantity. This acquisition, however, might be the right deal at the right time for both Salesforce and Slack to attack this question head-on, and help position them as influential architects of whatever comes next.

SAP to launch UK cloud service as part of £200 million investment

Keumars Afifi-Sabet

20 Jul, 2021

SAP will launch a secure UK-based cloud service and set up new offices in London and Manchester as part of a five-year investment package worth €250 million (approximately £212 million).

SAP UK Data Cloud, a new cloud infrastructure for the public sector, will combine the firm’s hyper-scale partnerships with AWS, Azure and Google Cloud with UK data centres to launch an in-nation cloud.

This will be designed to meet the tight regulatory needs of the public sector, while also supporting the UK’s critical national infrastructure in healthcare, transport, education, policing, utilities as well as central and local government operations.

Working with SAP National Security Services (NS2), SAP will ensure that all personal data is safeguarded and resides within the UK. 

The capability to handle official sensitive data will go live in early 2020, with a host of SAP cloud services available at launch. These include SAP S/4HANA Cloud, SAP Success Factors, SAP Business Technology Platform and SAP Analytics Cloud. 

It follows the company’s decision to go “all-in” on cloud computing in October last year. This announcement, however, saw the firm’s valuation drop by €25 billion (£27.8bn). 

“The impact of this for public services can’t be overstated,” SAP said in an explainer on what its UK Data Cloud is and how it works. 

“By modernising and transforming systems through cloud transformation, time after time we’ve seen services simplified, unnecessary costs removed and capacity created for staff, such as frontline workers, freed up to carry out crucial roles – without being waylaid by cumbersome and time-intensive administrative systems. 

“In addition to driving significant efficiencies, harnessing public cloud with sensitive data will facilitate better insights, driving faster and improved decision making to transform citizen services.”

As part of the five-year investment, SAP will also open offices this year to accommodate flexible working arrangements and serve its widespread customer base. 

There’ll also be a customer experience centre built into the new London offices, which will offer facilities for customers and partners to identify and pursue innovation opportunities with SAP. The facility near Manchester, which will be completed later this year, will allow SAP to work and engage more closely with companies around the country, the firm claims.

“It’s great to see SAP demonstrating its commitment to the UK and investing heavily to create new jobs and helping ensure long-term digital prosperity is evenly spread across the entire country,” said UK digital infrastructure minister, Matt Warman. 

“Tech is at the heart of our plans to power Britain’s recovery full speed out of the pandemic and we are backing the sector with world-class infrastructure and skills training to make sure the UK is the best place to start and grow a digital business.”

By 2026, SAP also hopes to support an additional 250 interns through its internship programme, alongside plans to scale up its apprenticeship programme to grow the number of skilled workers across the industry.

Microsoft will reportedly acquire RiskIQ for $500 million

Keumars Afifi-Sabet

12 Jul, 2021

Microsoft is set to strike a deal to acquire security software firm RiskIQ as it seeks to bolster the security of its core products.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Microsoft is set to purchase the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers. 

This would play into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft Threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.  

New Zloader malware technique makes it harder to spot phishing emails

Keumars Afifi-Sabet

9 Jul, 2021

Hackers have been discovered using a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

The technique involves sending a phishing email containing a seemingly innocuous Microsoft Word attachment, according to McAfee. Once opened, it triggers a chain of events that eventually downloads the payload for the infamous banking and data exfiltration malware, known as Zloader.

The fact that the document isn’t embedded with any malicious code will make it easier for phishing emails to bypass initial checks and malware scanners.

Researchers have noted that users are only susceptible to infection if macros are enabled, which the phishing attack will use to trigger a series of commands once the Word document is opened.

Macros are disabled by default in Microsoft Office, so the Word document itself contains a lure designed to trick users into enabling macros, claiming that if they don’t, the file won’t load correctly.

When the Word document opens, and macros are enabled, the document downloads and opens another password-protected Microsoft Excel file from a remote server.

The Word document contains combo box components that store the content required to connect to the remote Excel document, including the Excel object, URL, and password required to open the file. The URL is stored in the combo box in the form of broken strings, which are combined later to form a complete string.

The code then attempts to download and open the Excel file stored in the malicious domain. After extracting the contents from the Excel cells, the Word file creates a Visual Basic for Applications (VBA) module in the downloaded Excel file by writing the retrieved contents. It, essentially, retrieves the cell contents and writes them to XLS macros.

Once the macro is formed and ready, it modifies a RegKey to disable trust access for VBA on the victim’s device in order to execute the malicious function without any Microsoft Office warnings. After writing macro contents to the Excel file, and disabling trust access, a function from the newly written Excel VBA is called, which downloads the Zloader payload.
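A defender can audit the setting this step tampers with. The following is an added example, not code from the article or from McAfee: a read-only PowerShell check that assumes the value in question is Office's `AccessVBOM` ("Trust access to the VBA project object model") under each user's `Excel\Security` and `Word\Security` keys; the function name `Get-VbomTrustSetting` is hypothetical.

```powershell
# Added example: read-only audit of the Office "Trust access to the VBA project
# object model" setting (registry value AccessVBOM). Nothing is modified.
# Assumption: the setting lives under <hive>\Software\Microsoft\Office\<ver>\<app>\Security,
# with a Group Policy copy under Software\Policies\Microsoft\Office.
function Get-VbomTrustSetting {
    [CmdletBinding()]
    param(
        [string[]]$Application = @('Excel', 'Word')
    )

    # Loaded user hives (local/domain and Azure AD SIDs). Reading hives other
    # than your own requires an elevated session.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $sources = [ordered]@{
            User   = "Registry::HKEY_USERS\$sid\Software\Microsoft\Office"
            Policy = "Registry::HKEY_USERS\$sid\Software\Policies\Microsoft\Office"
        }

        foreach ($source in $sources.GetEnumerator()) {
            if (-not (Test-Path -LiteralPath $source.Value)) { continue }

            # Version subkeys are named like 12.0, 15.0, 16.0
            $versions = Get-ChildItem -LiteralPath $source.Value -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

            foreach ($version in $versions) {
                foreach ($app in $Application) {
                    $key = "$($source.Value)\$($version.PSChildName)\$app\Security"
                    if (-not (Test-Path -LiteralPath $key)) { continue }

                    # A key with no values returns nothing, so guard before reading.
                    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
                    $entry = if ($props) { $props.PSObject.Properties['AccessVBOM'] }

                    [pscustomobject]@{
                        Sid           = $sid
                        Source        = $source.Key
                        OfficeVersion = $version.PSChildName
                        Application   = $app
                        AccessVBOM    = if ($entry) { $entry.Value } else { $null }
                        # 1 means macros may read and write other VBA projects.
                        Review        = [bool]($entry -and $entry.Value -eq 1)
                    }
                }
            }
        }
    }
}

Get-VbomTrustSetting | Sort-Object Review -Descending | Format-Table -AutoSize
```

A row with `Review` set to true is a lead to triage rather than proof of infection, since developers sometimes enable this setting deliberately.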

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload,” McAfee’s researchers Kiran Raj and Kishan N wrote.

“Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads. Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is safe to enable them only when the document received is from a trusted source.”

The operators of the Zloader malware are notorious for finding increasingly innovative ways of spreading their banking Trojan. The malware was found to be present in 100 coronavirus-related email campaigns as of the first half of 2020. Zloader was also hiding within encrypted Excel documents, according to research published in March this year, with its operators overseeing invoice-related spam campaigns.

REvil demands $70 million ransom after Kaseya supply chain attack

Keumars Afifi-Sabet

5 Jul, 2021

REvil has infected more than 40 customers of IT management software firm Kaseya in a SolarWinds-style supply chain attack in which ransomware was distributed through a malicious update.

Kaseya revealed this weekend that its cloud-based IT management and remote monitoring product VSA had been compromised, but that the attack affected a small number of its on-premises customers only. The number of victims is estimated to be roughly 40, according to the firm.

The cyber gang exploited a zero-day vulnerability to remotely access internet-facing VSA servers. Given this software is used by many Managed Service Providers (MSPs), this route of entry also gave them a route into these MSPs’ customers. Kaseya was targeted because a key functionality of VSA is to push software and automated IT tasks on request, without checks.

The hackers responsible are now issuing varying ransom demands to their victims. REvil is demanding $44,999 from victims if their endpoint has been hit, according to Sophos security researcher Mark Loman. The group, meanwhile, is demanding a sum of $70 million to publish the universal decryptor, while boasting that it’s infected a million devices.

Looking beyond the 40 victims that Kaseya suggests REvil has claimed, Huntress Labs claims that more than 1,000 businesses have had servers and workstations encrypted, including MSPs. 

The response to the attack has been stark, with businesses served by the VSA product cutting off their servers from access to the internet. According to Dutch security firm DIVD CSIRT, the number of reachable VSA instances dropped from the norm of 2,200 to less than 140 as of Sunday. 

The company confirmed that a DIVD researcher, Wietse Boonstra, had previously identified a zero-day flaw, tracked as CVE-2021-30116, which is now being used in the ransomware attack. This flaw was discovered as part of a wider research project in which the firm is examining flaws in tools for system administrators in products such as Vembu BDR, Pulse VPN and Fortinet VPN.

“After this crisis, there will be the question of who is to blame,” the company said in a blog post. “From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. 

“When items in our report were unclear, they asked the right questions. Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched. They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Kaseya executives are meeting again today to discuss bringing its data centres online, with a scheduled restoration date and time of 5 July “by the end of the day” local time (UTC). That timeframe is dependent on achieving some key objectives, however.

Once the software as a service (SaaS) data centres have been restored, Kaseya will publish the schedule for distributing its patch for on-premise customers.

Instructions on how to exploit Windows Print Spooler accidentally leaked after research blunder

Keumars Afifi-Sabet

2 Jul, 2021

Cyber criminals are abusing a severe Windows vulnerability just days after a security company inadvertently published a proof-of-concept (PoC) exploit for this previously undisclosed flaw.

The vulnerability, nicknamed PrintNightmare, concerns the Print Spooler component in all Windows devices. It’s being tracked as CVE-2021-34527, and lets attackers install programmes, view, change or delete data, or create new accounts with full privileges on targeted devices.

Microsoft had initially fixed a flaw in the Print Spooler component on 8 June as part of its Patch Tuesday round of updates. At the time this was deemed a privilege escalation flaw and was tracked as CVE-2021-1675.

The firm then upgraded the severity of the bug from just privilege escalation to remote code execution on 21 June.

At the same time, researchers with the security firm Sangfor had been conducting their own research into Print Spooler vulnerabilities, which they were preparing to discuss at the forthcoming Black Hat cyber security conference in August.

Seeing that Microsoft had upgraded the bug’s severity, the researchers assumed that it was the same flaw they had been working with and decided to publish the proof of concept for the exploit ahead of the conference, safe in the knowledge that it had been patched.

This remote code execution exploit, however, was for an entirely different Print Spooler weakness that hadn’t been previously disclosed by Microsoft, and used a different attack vector.

Once this was established, the researchers quickly took down their work, but not before the exploit code was downloaded and republished elsewhere.

Microsoft has since warned businesses that hackers have seized upon this blunder and are targeting businesses with the flaw now known as CVE-2021-34527. Since it’s an evolving situation, Microsoft hasn’t yet attached a threat severity score to the bug.

“A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,” Microsoft wrote in a security advisory.

“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.”

Until a patch becomes available, Microsoft has recommended that businesses either disable the Print Spooler service or disable inbound remote printing through their group policy.

The first mitigation would disable the ability to print locally or remotely, while the second workaround blocks the remote attack vector by preventing inbound remote printing operations. Local printing, however, will still be possible.
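The two workarounds can be checked and applied from PowerShell. This is an added example, not code from the article or from Microsoft's advisory: it assumes the Group Policy setting "Allow Print Spooler to accept client connections" is backed by the `RegisterSpoolerRemoteRpcEndPoint` policy value (2 = disabled), and the function names are hypothetical.

```powershell
# Added example: report and apply the two Print Spooler workarounds.
# Assumption: the "Allow Print Spooler to accept client connections" policy maps to
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\RegisterSpoolerRemoteRpcEndPoint
# (1 = accept client connections, 2 = refuse them).
$script:PrinterPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$script:PolicyValueName  = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerMitigationState {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    $policy = $null
    try {
        $policy = Get-ItemPropertyValue -LiteralPath $script:PrinterPolicyKey `
            -Name $script:PolicyValueName -ErrorAction Stop
    } catch {
        # Key or value absent: the policy is not configured on this host.
    }

    $state = if (-not $svc -or ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')) {
        'SpoolerDisabled'          # no local or remote printing
    } elseif ($policy -eq 2) {
        'RemotePrintingBlocked'    # local printing still works
    } else {
        'NoMitigationApplied'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerState     = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode = if ($svc) { $svc.StartMode } else { $null }
        RemoteRpcPolicy  = $policy
        Mitigation       = $state
    }
}

function Set-SpoolerMitigation {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DisableService', 'BlockRemotePrinting')]
        [string]$Mode
    )

    switch ($Mode) {
        'DisableService' {
            if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable the service')) {
                Stop-Service -Name Spooler -Force
                Set-Service -Name Spooler -StartupType Disabled
            }
        }
        'BlockRemotePrinting' {
            $target = "$script:PrinterPolicyKey\$script:PolicyValueName"
            if ($PSCmdlet.ShouldProcess($target, 'Set to 2 and restart Spooler')) {
                # Create the key only if missing so existing printer policies survive.
                if (-not (Test-Path -LiteralPath $script:PrinterPolicyKey)) {
                    New-Item -Path $script:PrinterPolicyKey -Force | Out-Null
                }
                New-ItemProperty -LiteralPath $script:PrinterPolicyKey `
                    -Name $script:PolicyValueName -Value 2 -PropertyType DWord -Force | Out-Null
                # The spooler reads the policy at start-up.
                Restart-Service -Name Spooler -Force
            }
        }
    }
}

# Report only; run Set-SpoolerMitigation from an elevated session to change anything.
Get-SpoolerMitigationState
```

On domain-joined machines the same setting is better delivered through the Group Policy object itself, since a local registry write can be overwritten at the next policy refresh.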

Microsoft bolsters Azure with AT&T 5G deal and security collaboration

Keumars Afifi-Sabet

1 Jul, 2021

Microsoft has struck agreements with US networking giant AT&T and the cyber security organisation MITRE to bring additional 5G support as well as threat monitoring capabilities to Azure.

As part of its deal with MITRE, Microsoft will integrate the organisation’s adversarial tactics, techniques and common knowledge (ATT&CK) framework into its public cloud platform in order to build a foundation for developing threat models.

Separately, the firm has acquired the Network Cloud division of AT&T, which plays host to its core 5G network. Microsoft will indirectly own but won’t operate this network, and instead plans to integrate IP and expertise into its Azure for Operators platform.

These twin deals are part of Microsoft’s strategic efforts to bolster its public cloud platform on the cyber security and networking fronts.

The AT&T acquisition, for example, is part of a strategic alliance that will see network traffic managed by Microsoft Azure. This is set to begin with the 5G core, the software at the heart of AT&T’s 5G network.

Microsoft says AT&T will benefit from greater productivity and cost-efficiency as more network workloads migrate to Azure for Operators. The firm will also use the company’s hybrid and hyperscale infrastructure to reduce costs.

The Network Cloud platform, which Microsoft is acquiring, has been running AT&T’s 5G core network since 2018. Microsoft will integrate this into its Azure for Operators platform to allow operators to run telecoms networks in the cloud.

Microsoft will benefit from access to IP and technical expertise to grow its product, building on the 2020 acquisitions of Affirmed Networks and Metaswitch Networks. It’s also acquiring AT&T’s engineering and lifecycle management software that’s used to develop carrier-grade cloud that can run containerised or virtualised network services.

“With Azure, operators can provide a more flexible and scalable service model, save infrastructure cost, and use AI to automate operations and differentiate customer offerings,” said executive vice president of Azure, Jason Zander.

“Through our collaboration with AT&T, Microsoft will expand its telecom portfolio to support operators with a carrier-grade cloud that provides seamless experiences across Microsoft’s cloud and the operator’s network.”

Microsoft’s partnership with MITRE, meanwhile, has seen the firm integrate the ATT&CK framework into Azure to launch the Security Stack Mappings for Azure research project. This has introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against.

The project aims to plug an information gap for businesses seeking to proactively secure their public cloud deployment. This project creates data that shows how built-in security controls might secure their assets against the specific attack methods most likely to target them.

“Microsoft has worked to expand the suite of built-in security controls in Azure which, while highly effective for protecting customer environments, can feel overwhelming to understand across an organisation’s entire Azure estate,” said senior threat intel librarian with Microsoft’s threat intelligence centre, Madeline Carmichael.

“MITRE has developed the ATT&CK framework into a highly respected, community-supported tool for clarifying adversary TTPs. Pairing the two together provides a helpful view for organisations to understand their readiness against today’s threats in a familiar vocabulary that enables easy communication to their stakeholders.”

Kubernetes costs spiralling as businesses fail to monitor spend

Keumars Afifi-Sabet

30 Jun, 2021

Expenditure on Kubernetes is rising dramatically, and most businesses are struggling to accurately project how much they’re expecting to spend on their container orchestration systems in future.

Over the last year, Kubernetes-related costs surged for 68% of businesses, according to research by the Cloud Native Computing Foundation (CNCF), which manages the ecosystem. Just 12% of businesses lowered their Kubernetes expenses, while among organisations to have sustained an increase, half saw it jump by more than 20%.

Kubernetes is an open source container orchestration system for automating app deployment, scaling and management. While it was originally designed by Google, Kubernetes is now maintained by the CNCF.

The trend does not come as a surprise, according to the report, because as most organisations adopt cloud-native architectures and scale up Kubernetes environments, the associated cloud costs will rise.

Despite costs projected to spiral, however, there’s a disconnect between these rising expenses and how well most businesses are able to accurately forecast Kubernetes costs, project these, and instigate processes that can manage overspend.

CNCF and the FinOps Foundation surveyed senior IT staff from their extended communities of 195 organisations, which is a small sample size but serves as a representative sample of a cross-section of businesses. 

The vast majority of respondents either don’t monitor Kubernetes spending at all, 24%, or rely on monthly estimates only, 44%. Only 13% used accurate show-backs while 14% had a chargeback programme in place. 

“As more organisations adopt cloud-native architectures and scale up Kubernetes environments, the associated cloud costs will rise,” the report said. “However, the FinOps for Kubernetes survey uncovered a disconnect between these rising expenses and how well most respondents have been able to accurately and effectively monitor Kubernetes costs, predict those costs, and instill processes that can curtail unnecessary overspend.

“Whether spending $10,000 per month or 100x that, the lack of real-time cost visibility and the insights and actions that organisations can take from that suggests that the majority of organizations leveraging Kubernetes can become significantly more cost-efficient – and do so without impacting performance.”

As cloud costs continue to rise for the majority of businesses, the report urges organisations to adopt processes and systems to track how much they spend. Firms should look beyond basic cost estimations and should instead seek to allocate costs back to granular environments and projects for show-back and chargeback. 

Cisco flaw under attack after researchers publish exploit PoC

Keumars Afifi-Sabet

28 Jun, 2021

Hackers are targeting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after security researchers published a proof-of-concept (PoC) for a successful exploit.

Positive Technologies SWARM, the security company’s offensive research team, published an exploit PoC for the flaw tracked as CVE-2020-3580 last week. This was originally patched in October 2020 alongside CVE-2020-3581 through to CVE-2020-3583.

This issue, which is considered to be moderately severe, concerns multiple vulnerabilities in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software. 

On unpatched systems, Cisco ASA/FTD software web services don’t sufficiently validate user-supplied inputs. To exploit the bug successfully, hackers would need to convince a user on the interface to click on a malicious link. The vulnerability is rated 6.1 out of ten on the CVSS threat severity scale.

Exploitation could allow an attacker to remotely conduct cross-site scripting (XSS) attacks on affected devices that haven’t been patched. Cisco ASA Software is the core operating system that powers the Cisco ASA family, comprising devices that offer firewall tools among other security-oriented services.

Since the PoC was posted online, Positive Technologies researcher Mikhail Klyuchnikov reported that many other researchers are also chasing bug bounties for this vulnerability. Tenable researchers have also reported that attacks are exploiting CVE-2020-3580.

Cisco issued a patch for this flaw in October 2020, but the fix for CVE-2020-3581 was only partial, and the company had to issue a second patch in April this year. As of last July, there were 85,000 ASA/FTD devices distributed across the business landscape. 

Cisco Adaptive Security Appliance (ASA) Software is the core operating system that powers the Cisco ASA family. It offers firewall tools for various ASA devices, with ASA Software also integrating with other critical security technologies to deliver security-oriented products. 

Businesses are being advised to patch their systems with the latest update to avoid falling victim to successful attacks.

Windows 11 leaks in full after early build shows up online

Keumars Afifi-Sabet

16 Jun, 2021

Microsoft’s Windows 11 operating system has leaked online in full just days before developers were set to showcase its new look and key features in a reveal event. 

Screenshots of the in-development successor to Windows 10 show that the biggest aesthetic features include a centralised Start menu and taskbar, rounded corners for all windows and menus, as well as a light skin activated by default. 

Images were first leaked to the Chinese site Baidu, although a fully operational version of Windows 11 has since emerged online, according to The Verge.  

The user interface (UI) is altogether more reminiscent of macOS than classic Windows deployments, although activating a dark skin and shifting the Start menu to the left of the taskbar does make it resemble Windows 10. 

Its layout is also very similar to the UI of Microsoft’s Windows 10X, first developed for dual-screen devices but since abandoned and integrated instead into the broader Windows development cycle. The latest major Windows 10 update, for example, borrowed heavily from elements first devised to be included in Windows 10X.

The Start menu included in this beta version of Windows 11 represents perhaps the most significant UI change against Windows 10. There’s a tiled layout to the apps in the menu, with a section for pinned and recommended services, alongside a prompt to view all apps.

Much of the leaked version remains completely unchanged, however, barring updated icons and the fact that windows are in keeping with the rounded edges aesthetic. The task menu as well as contextual menus and the file explorer all look much like they do in Windows 10, though it’s unclear whether these will change with the finished version.

Another significant addition is that of a Widgets button in the taskbar, which suggests the return of a widgets system that was included with Windows Vista and Windows 7. A screenshot shows a menu that slides out with tiles that show different pieces of information such as the weather, football scores, and news headlines.

Users can also snap windows far more effectively and micromanage the layout by clicking the maximise button in the top right corner. They can, at present, choose the half, or quadrant, of the screen in which to place their window.

Microsoft has strongly hinted at the existence of a successor to Windows 10 for some months, teasing various details about a Sun Valley build that promises to improve users’ workflow, according to Windows Central.

The firm is due to discuss the build and detail its features for the first time on 24 June. Microsoft CEO Satya Nadella described this as “one of the most significant updates to Windows of the past decade”, and argued that it will unlock greater economic opportunity for developers and creators. 

“I’ve been self-hosting it over the past several months, and I’m incredibly excited about the next generation of Windows,” he said during his keynote at the Microsoft Build 2021 event. 

“Our promise to you is this: we will create more opportunity for every Windows developer today and welcome every creator who is looking for the most innovative, new, open platform to build and distribute and monetise applications.”

Microsoft has also announced in recent days that it plans to retire Windows 10 by 2025, again signalling that Windows 11 is on its way very soon.

IT Pro approached Microsoft for confirmation the leaks are genuine, and whether it’s considering taking any action.