Zoom is adding “post-quantum” end-to-end encryption to its video and voice meeting software. The aim is to protect communication data sent between its apps once quantum computers are sufficiently power to compromise existing encryption methods. 

Right now, it’s difficult for current or “classical” computers to break the modern encryption algorithms that protect internet communications — that means anything from text messages to online banking or shopping. But security experts are concerned cybercriminals can collect encrypted data now and decrypt it once quantum computers become sufficiently capable, a strategy referred to as “harvest now, decrypt later.”

To secure communications on its meetings apps in the long term, Zoom on Tuesday said it will enhance existing EE2E capabilities available in its Zoom Workplace apps with “post-quantum cryptography.” It’s the first unified communication software vendor to do so, Zoom claimed in a blog post.

For Zoom, this means the use of Kyber 768, a key encapsulation mechanism (KEM) algorithm that’s being standardized by the National Institute of Standards and Technology (NIST). NIST has been working to identify a set of “post-quantum” algorithms that can withstand attacks from future quantum computers. 

Although quantum computers are adept at solving complex mathematical equations, meaning they could decrypt classical algorithms, existing systems are small scale and plagued with high error rates, said Heather West, research manager for quantum computing at IDC’s Infrastructure Systems, Platforms, and Technology Group.

As a result, modern classical algorithms are not yet at risk; that could change as quantum computing advances, enabling systems that can run Shor’s algorithm —a quantum algorithm that, according to one definition, is able to “efficiently factorize large composite numbers” and therefore reduce the time taken to break classical encryption.

“Due to this advantage, there is concern that some entities — specifically state-sponsored actors — are breaching and stealing data with a long-shelf life value now (think financial, government, DOD, etc.) with the intent of using future quantum systems to decrypt it and use it later,” said West.

Several initiatives are now under way to identify and develop post-quantum cryptographic algorithms organizations can deploy to become quantum-resilient. For example, NIST launched a global initiative in 2016 and is expected to release its final recommendations later this year. In 2022, US President Joseph R. Biden Jr. issued two security memorandums (NSM-8 and NSM10) to provide government agencies with the guidance and timeframes to begin implementing post-quantum cryptography.  

As for Zoom’s post-quantum EE2E feature, West said the amount of information transferred via text messages and in virtual meetings “is a rather unexplored territory for post-quantum cryptography [PQC],” but is an important area of focus. “Compromised information using these technologies could lead to national security breaches, the accidental exposure of company trade secrets, and more,” she said. “Zoom has taken this opportunity to identify a current area of data security weakness and develop an industry disruptive PQC solution.”

Even so, West points to “severe limitations” in Zoom’s approach. For example, to be secure, all meeting participants are required to use the Zoom desktop or mobile app version 6.0.10 or higher. “So there is no guarantee that everyone will be using the most up-to-date version…,” she said.

In addition, using Zoom’s post-quantum encryption means participants loseaccess to some key features, such as cloud recording. “For PQC to be effective, not only must it be secure against potential quantum cyber security breaches, but it should also allow for the same performance and utility of the applications and infrastructure than if it weren’t being used. This doesn’t seem to be the case with Zoom’s implementation,” West  said. 

In general, West said all businesses should be considering how to keep encrypted data safe in future.

“Organizations should be taking this risk seriously,” she said. “There seems to be a misconception that if an organization is not investing in quantum computing there isn’t a need to invest in post-quantum cryptography.” 

Cyberattacks using quantum algorithms have the potential to affect all businesses and organizations, she said. Some understand the importance of post-quantum cryptography and are waiting for final standards from NIST to be released, but updating to post-quantum cryptography can be a “laborious process,” so organizations should get started now by inventorying and identifying at-risk data and infrastructure. 

“Partnering with a PQC vendor or consultant can help guide the transition. PQC vendors and consultants can also help to determine what solution is most suitable for the organization,” said West.

With AI tools and Qualcomm Snapdragon X Elite chips inside its new Surface Pro laptops (called Copilot+ PCs), Microsoft is making no secret that it wants to compete head-on with the world’s most popular laptop, Apple’s MacBook Air. 

It look like the PC wars have begun again

Despite this declaration of war, it feels like Microsoft owes a lot to Apple. For example, it’s all-new Recall feature reminds me of something Apple already had in its systems called Time Machine. Like Recall, Time Machine saves versions of everything on your device in an encrypted form and lets you “recall” them later on. The feature has always been tied to the user ID and heavily secured. 

We’ll soon find out if Recall is as well protected.

But it’s not the only nod to Apple’s work Microsoft has made in its latest fan-fueled attack on the Mac: even the processors are based on the Arm chips Apple has used for years now in iPhones, iPads, and Macs. And, just like Apple’s Rosetta on M-series chips, Microsoft has an on-board emulator to run older apps that aren’t yet optimized for Windows on Arm. Microsoft claims 87% of the apps people use most will already be ARM-optimized. Helpfully, Apple’s adoption of Arm in Apple Silicon means most of the world’s biggest developers have already ported applications to Arm.

“We have completely reimagined the entirety of the PC — from silicon to the operating system, the application layer to the cloud — with AI at the center,” wrote Microsoft’s Chief Marketing Officer Yusuf Mehdi. (Arguably, that’s something Apple also already did.) 

Comparisons, comparisons, comparisons

Microsoft shared a range of test results it claims show not only that the new devices compete with Apple’s, but in some cases exceed what the Mac can do. However, as we see each time a tech product gets released, some of the claims seem a little uncertain.

Take performance, for example: Microsoft claims its product can run 58% faster than the MacBook Air M3. The company even ran a side-by-side photo editing test between the two computers to prove its advantage.

It’s worth noting, however, that the Surface device contains a fan, which the MacBook Air does not, which means Microsoft’s system can run at a higher temperature.

Once the inevitable comparative reviews appear, it will be interesting to learn how long you can run such intensive tasks on a Surface in terms of energy consumption and battery life, and how this compares to the same tasks on a Mac. Microsoft says that when it comes to simulated web browsing, you’ll get over an hour more battery life on its device than Apple’s. However, Ars Technica calls Microsoft’s battery life claims “muddy”, saying they need further independent verification.

To some degree, the comparisons might become moot, given Apple is already striding toward equipping Macs with M4 chips; they’re already available in what I see as Apple’s more direct Surface competitor, the iPad Pro. 

Making Windows…

Microsoft doesn’t see it that way. It believes its Surface Pro devices should be seen as MacBook Air competitors, is buoyed by no-doubt excellent test results, and hopes that by pimping out its systems with AI it has a compelling market proposition with which to tempt enterprise users to stay inside the Windows flock.

(Though even that bid for regained relevance still needs to get past the data sovereignty/privacy problems that beset all the big genAI solutions at the moment. Enterprise users will need to be certain of the cloud-based components of these systems before using them to handle regulated data, I expect.)

All the same, on paper and in keynote at least, Microsoft is making what seems to be one of its sassiest bids yet, once again raising the temperature as the industry prepares for what’s shaping up to be among Apple’s most existentially important WWDC events ever.

There’s a lot to get through.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

So far, Microsoft’s 365 Copilot has mainly been positioned as a personal assistant for individual workers, helping them draft emails or recap meetings they might have missed. With the upcoming launch of Team Copilot, Microsoft wants to make its generative AI (genAI) assistant accessible in group settings, helping enable video meetings and coordinating team projects. 

“Microsoft Team Copilot makes a great deal of sense as the next step in equipping the workforce with AI-based tools,” said J.P. Gownder, a vice president and principal analyst at Forrester Research. “We know that productivity isn’t confined to individual work, so having Copilot for 365 help with group-oriented tasks will only improve overall productivity.”

Microsoft highlighted three key use cases for the Team Copilot.

First, the bot can be added to a Teams video call as a “meeting facilitator,” Jared Spataro, Microsoft’s corporate vice president for AI at work, said in a blog post. Here, it can take notes that can be viewed and edited by all meeting participants, as well as create follow-up tasks that all can see; track time for each agenda item; and assist in-person or hybrid meetings when integrated with Teams Rooms.

Second, colleagues can interact with the Team Copilot in group text chats within Teams. Here the Copilot can summarize lengthy conversations to surface the most important information to all participants, as well as answer questions from the group.

Meeting summarization and note-taking have emerged as popular uses for AI assistants, said Gownder, “so making that a group-oriented assistant that helps everyone attending the meeting also makes sense. I think this is a great product evolution.” 

Finally, the Team Copilot can be used to help manage projects, creating tasks and goals within Microsoft’s Planner app that it can then assign to individual workers. It can also complete tasks itself — such as drafting a blog post — and notify team members when additional input is needed.

While Gownder sees potential for the Team Copilot to improve productivity, he noted that some of Microsoft’s messaging around the product is sloppy. 

“It says that Team Copilot will engage in ‘meeting facilitation,’ which isn’t what it’s doing,” he said. “Meeting facilitation means acting as the leader of a meeting, ensuring inclusivity, keeping people on-subject and on-time. It’s a particular skill. Team Copilot doesn’t do this; it creates agendas, tracks time, takes notes, summaries key takeaways, and shares files.”

Group moderation is another term that’s wide of the mark, he said. “Moderation sounds like what happens on Reddit — keeping people in line and censoring inappropriate comments. That’s again not what Copilot does; it’s acting more as a business insights assistant for group interactions and meetings,” said Gownder.

All in all, the strategy and the product direction for Team Copilot “make a lot of sense,” he said, assuming they work as described; Copilot for Microsoft 365 remains a work in progress, said Gownder, with genAIunpredictable at times. 

The Team Copilot will be available in preview later this year for Microsoft 365 customers with a Copilot subscription. 

Microsoft is bringing a new AI-powered search function to Windows 11 that lets users find and retrieve information across any app they’ve accessed. 

The new feature, Windows Recall, essentially records all user actions on a PC, taking snapshots of the screen at 5 second intervals. This allows Recall to generate a searchable timeline of everything they’ve interacted with, whether that’s an application, website, document, image, or anything else. It could mean searching for anything from references to a work-related topic across different documents, or a conversation with a friend on a chat app, whether on a desktop app or via a web browser. 

“We set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC,” Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, said Monday in a blog post. “Today, we must remember what file folder it was stored in, what website it was on, or scroll through hundreds of emails trying to find it.  

“Now with Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory.”

“If Recall works as well as planned, it will be a major productivity booster and probably one of the most useful productivity tools we’ve seen in years,” said Jack Gold, principal analyst with business consultancy J. Gold Associates.

“Being able to instantly find data you know you have ,but have no idea where you put it, or instantly recall that website that was so useful — but you can’t remember what it was — will be a game changer.” 

The Recall feature will have uses in the workplace, too, he said. 

“Business users are inundated with data these days,” he said. “Having an assistant monitor you in the background and being able to recall what you did/where you put it will be huge.”

That said, the feature needs to function as planned: if it’s buggy or doesn’t live up to Microsoft’s promises, business users might be put off relying on Microsoft’s AI for productivity tasks. 

Snapshot data recorded by the Recall feature is stored and processed on a user’s device, said Microsoft. Users have control over what’s recorded and stored. It’s possible, for example, to delete individual snapshots, adjust and delete ranges of time, or pause the recording entirely. Users can also choose to filter certain apps and websites that they don’t want recorded, Microsoft said.

Gold doesn’t see privacy and security concerns being a hindrance to adoption. “As long as it all stays on my device and Recall isn’t sending anything to Microsoft, I and most users would be fine with that,” he said. 

“Microsoft needs to insure that the Recall data stored locally is safe and not ‘hackable,’ which is a tall ask,but absolutely critical if it’s to be trusted,” said Gold. “Imagine a hacker being able to access Recall data and knowing everything you’ve done or been to forever! How Microsoft assures of this data safety is important to whether its acceptable for our use.”

Recall is one of several AI features for Windows 11 announced Monday, including Live Captions and a Cocreator image generation tool. All the features will be available on the new range of Copilot+ PCs unveiled by Microsoft and other vendors, including Acer, Asus, Dell, Lenovo, and Samsung.  

Slack has updated its “privacy principles” in response to concerns about the use of customer data to train its generative AI (genAI) models. 

The company said in a blog post Friday that it does not rely on user data — such as Slack messages and files — to develop the large language models (LLMs) powering the genAI features in its collaboration app. But customers still need to opt out of the default use of their data for its machine learning-based recommendations.

Criticism of Slack’s privacy stance apparently started last week, when a Slack user posted on X about the company’s privacy principles, highlighting the use of customer data in its AI models and requirement to opt out. Others expressed outrage on a HacknerNews thread. 

On Friday, Slack responded to the frustrations with an update to some of the language of its privacy principles, attempting to differentiate between its machine learning and LLMs. 

Slack uses machine learning techniques for certain features such as emoji and channel recommendations, as well as in search results. While these ML algorithms are indeed trained on user data, they are not built to “learn, memorize, or be able to reproduce any customer data of any kind,” Slack said. These ML models use “de-identified, aggregate data and do not access message content in DMs, private channels, or public channels.”

No customer data is used to train the third-party LLMs used in its Slack AI tools, the company said.

Slack noted the user concerns and acknowledged that the previous wording of its privacy principles contributed to the situation.  “We value the feedback, and as we looked at the language on our website, we realized that they were right,” Slack said in a blog post Friday. “We could have done a better job of explaining our approach, especially regarding the differences in how data is used for traditional machine-learning (ML) models and in generative AI.”  

“Slack’s privacy principles should help it address concerns that could potentially stall adoption of genAI initiatives,” said Raúl Castañón, senior research analyst at 451 Research, part of S&P Global Market Intelligence.

However, Slack continues to opt customers in by default when it comes to sharing user data with the AI/ML algorithms. To opt out, the Slack admin at a customer organization must email the company to request their data is no longer accessed. 

Castañón said Slack’s stance is unlikely to allay concerns around data privacy as businesses begin to deploy genAI tools. “In a similar way as with consumer privacy issues, while an opt-in approach is considerably less likely to get a response, it typically conveys more trustworthiness,” he said.

A recent survey by analyst firm Metrigy showed that the use of customer data to train AI models is the norm: 73% of organizations polled are training or plan to train AI models on customer data.

“Ideally, training would be opt-in, not opt-out, and companies like Slack/Salesforce would proactively inform customers of the specifics of what data is being used and how it is being used,” said Irwin Lazar, president and principal analyst at Metrigy.  “I think that privacy concerns related to AI training are only going to grow and companies are increasingly going to face backlash if they don’t clearly communicate data use and training methods.”

There’s been a change in tone concerning what to expect from Apple’s forthcoming AI announcements at WWDC, so perhaps it’s time to moderate the hype.

What we’ve been hoping for is an impressive counterattack from the company, one designed to shrug off speculation the company is falling behind on AI. With thousands of engineers and billions of dollars focused on AI research and development, there’s been building expectations of something impressive from the company. However, if Apple industry bellwether Mark Gurman has it right, Apple’s planned announcements, while good, might not quite reach the pinnacle of great.

Is better enough?

That doesn’t mean what’s coming won’t be interesting or noteworthy. Gurman seems to expect some impressive highlights, including tools such as voice memo transcription, summaries of notifications and web pages, and generative AI-powered editing tools.

The latter will apparently work in a similar way to how genAI works in Adobe’s creative apps, which presumably means you’ll be able to generate machine-created images and apply edits using voice/text prompts on your devices. Gurman doesn’t seem to think these will impress regular Adobe users, but given that most of the world’s population don’t use Adobe, it’s reasonable to suppose that for many millions of people, Apple’s tools will be their first exposure to the potential of such technologies.

The gap remains

All the same, despite Apple’s advantages in market reach and platform size, Gurman claims Apple executives still think there is a gap between the current pace of Apple’s genAI development and that of its competitors. He even says this gap is unlikely to close soon, which is perhaps why Apple has been speaking to competitors such as OpenAI, Google, and Baidu.

It’s possible we’ll learn of a deal between OpenAI and Apple at or around WWDC 2024, potentially including integration of ChatGPT natively on the iPhone.  We might also see interesting new features built on the company’s recently introduced tools for accessibility. 

If Apple’s truly not quite there yet, it will not want to disappoint with weak-tea WWDC news — and that makes this a good time to constrain the optimism. This part of the match isn’t over; Apple and AI is a work in progress; and the company’s R&D teams continue to churn out powerful-seeming foundational technologies, including its very own multimodal LLM mode, called Ferret.

The privacy thing

One area of speculation I don’t think Apple hopes to quash revolves around privacy and edge AI. It seems probable that edge intelligence will guide some features, implying that when you do use genAI on your iPhone, the process/data will be kept confidential. 

That is essential if Apple wants to make using these tools a customary part of daily life, particularly in the enterprise space. With that in mind, it is curious that the tone of Gurman’s comments suggest Apple’s focus on privacy and security is limiting what it can achieve with AI — but does at least value the information. Apple is planning its own cloud-based genAI services that should deliver functionality and security, and is investing in highly secure data center processors.

There is a one more card in play that could work in Apple’s favor in the long game: ChatGPT and Google Gemini are server-based solutions, but their future evolution will be constrained by AI regulation and the need to maintain data sovereignty.

These forces will become a barrier to growth, and it remains possible that by focusing on data privacy today, Apple could hold a winning hand by the end of the game. So, while company insiders may be attempting to guide expectation a little lower as we travel toward the new AI iPhone in fall, the game at this table isn’t over yet. Partnership, or even acquisition, could be the next set of cards in Apple’s deck.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Microsoft released 62 updates on Patch Tuesday this week, with three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) forcing a “patch now” deployment guidance for Windows desktops. Adobe is back with a “Patch Now” update, while Microsoft Office, Edge browsers and Microsoft’s development platform (Visual Studio and .NET) can be dealt with using standard release schedules. 

Unusually for Azure updates, the Readiness team recommends particular attention be paid to an Azure Agent update (CVE-2024-30060), as it can affect corporate VM’s (associated with testing or development platforms). The team has provided an infographic outlining the risks associated with each of the updates for this month’s cycle. 

Known issues 

Each month, Microsoft publishes a list of known issues related to the operating system and platforms included in each cycle; the following two reported minor issues:

• Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview). Yes, Microsoft is still working on this one.
• There appears to be an issue with how Windows clients receive their updates after installing KB5034203. Instead of downloading from their peers or designated enterprise update endpoints, clients that use DHCP option 235 will download from the internet instead. Aside from the (serious) security concerns in getting your updates from outside your organization, some clients will see a significant increase in their internet traffic.

And for all you Windows 11 users, Microsoft has reported that after installing this update you might not be able to change your profile photo from the default. (For many, this is a good thing.)

Major revisions 

This month, Microsoft published the following major revisions to past security and feature updates:

• CVE-2024-30009: Windows Routing and Remote Access Service (RRAS) Remote Code Execution. The FAQs were updated for this Microsoft patch. This is an information change only.
• CVE-2024-30044: Microsoft SharePoint Server Remote Code Execution Vulnerability. Microsoft updated the documentation, added a FAQ, and updated the CVSS score for this critical update.
• CVE-2024-30046: Visual Studio Denial of Service Vulnerability. Microsoft has revised the Security Updates table to include .NET 7.0 and .NET 8.0 as these versions of .NET are now affected by this vulnerability. 

I’m not sure where to place this latest (and late) addition to the May patches. Microsoft released a major update (CVE-2024-30060) to the Azure agent (we use this Microsoft tool for our Azure-based application packaging, conversion and testing Virtual Machines). If you are using Azure-based VMs, this update will be important for all your builds. Unfortunately, this vulnerability has been publicly disclosed and adds to our tally of May Patch Tuesday zero days.

Mitigations and workarounds 

As of May 17, Microsoft has not published any mitigations or workarounds for this month’s patch cycle.

Testing guidance

Each month, the team at Readiness analyzes the latest updates and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and application installations.

We have grouped the critical updates and required testing efforts into functional area including:

Microsoft Office

• A change to how OLE handles web content will require a test scenario for embedding and loading external web content (text, images and video).

Microsoft .NET and developer tools

• Microsoft SQL server updates will require a test of new connections with different versions of SQL Server. Line-of-business (LOB) applications that rely on SQL server connections will require a full UAT before releasing this month’s developer update.

Windows

The following core Microsoft features have been updated and might require attention:

• The updates to the Windows Common Error log feature (CLDFLT.SYS) will require testing of creating, reading, updating and deleting (CRUD) log files.
• DNS updates will require testing for non-existing domains registered in each managed zone.
• This month’s update to the Microsoft Crypto library will require tests of new creation and deletion.
• Microsoft’s Routing and Remote Access Servers (RRAS) servers will require light testing for valid connections.
• Smartcard access to Microsoft Windows desktops will require basic access testing.

Aside from updating several key features on the Windows desktop platform, Microsoft also updated the way the following APIs are handled:

• SetFileBandwidthReservation and GetFileBandwidthReservation;
• The MMC and Windows Shell (MPRAPI.DLL);
• Microsoft’s CNG crypto implementation (NCRYPT.DLL).

These are tough updates to test properly, as you need a detailed list of what applications depend upon (and actually use) these APIs. 

Automated testing will help (especially a testing platform that offers a “delta” or comparison between builds). However, for LOB apps, getting the application owner (doing UAT) to test and approve the results is absolutely essential. 

This month, Microsoft made a major (general) update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio.

Windows lifecycle update 

This section will contain important changes to servicing (and most security updates) to Windows desktop and server platforms.

• Support for Windows 10 (21H2) ends this month. In fact, support ends before the next Patch Tuesday. This is serious now, people.
• Microsoft SQL Server (2014 SP3 CU4): the final stage of support (aka Security Support) ends in five weeks.
• Microsoft Visual Studio 2022 loses full support in less than two months.

Each month, we break down the update cycle into product families with the following basic groupings: 

• Browsers (Microsoft IE and Edge) 
• Microsoft Windows (both desktop and server) 
• Microsoft Office
• Microsoft SQL Server (not Exchange Server) 
• Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
• Adobe (if you get this far) 

Browsers

Microsoft and the Chromium project have been releasing patches to both Chrome and Edge every three or four days since the latest major update in April. So far, there are now seven updates to Chrome (with the recent addition of CVE-2024-30056), all of which are rated important. These security vulnerabilities relate to memory handling and “use after free” issues but have not been reported as exploited or publicly disclosed. Add these updates to your standard release schedule.

Windows

Microsoft published 46 updates for the Windows desktop and server updates. For this (much smaller) release to the Windows desktop platform, the following functional areas have been updated:

• Windows Common Log File System Driver Windows Hyper-V;
• Windows Cryptographic Services;
• Windows DHCP Server;
• Windows NTFS;
• Windows Win32K – ICOMP;
• Windows RRAS and Remote Access Connection Manager.

Unfortunately, we have three zero-days (CVE-2024-30051, CVE-2024-30046, and CVE-2024-30040) that affect the Windows platform. The team at Readiness has already discovered several applications that are particularly vulnerable to the DWM vulnerability (CVE-2024-30051) which could lead to full SYSTEM (caps added by Microsoft) privileges on the compromised system. Add this update to your “Patch Now” schedule.

Microsoft Office 

Microsoft released just three updates for the Office platform. CVE-2024-30042 addresses a remote code execution vulnerability in Excel that is both challenging to exploit and non-wormable. The other updates relate to Microsoft SharePoint. All are rated important and should be added to your standard desktop release schedule. 

Microsoft SQL Server (not Exchange Server)

Microsoft has not released any patches for Exchange Server but did push out a single update (CVE-2024-30054) rated important for SQL Server. This update to SQL Server Power BI feature really belongs in the developer release cycle, as it updates Software Development Kit (SDK). Add this to your standard developer release schedule.

Microsoft development platforms 

Microsoft released four updates to the development platform, affecting Visual Studio and .NET for those deploying and managing desktop patches. Add these to your standard developer release schedule.

Adobe Reader (if you get this far) 

We are back! Adobe released an update to Adobe Reader (APSB24-29) covering 12 memory related and “use after free ” security vulnerabilities that have a serious rating of 8.8. This attracts a “Patch Now” rating from the Readiness team due to Adobe Reader’s tight integration with the Windows desktop ecosystem.