Advisories

Keep informed of topics that impact X_TRADER® trading environments. Visit the TT app's Message Center to access TT platform advisories.

Privilege escalation vulnerability in X_TRADER installation

Current versions of X_TRADER contain an installer with a privilege escalation vulnerability.  Executables that run as local system services are installed with insecure file permissions, allowing a non-privileged attacker to replace them with a malicious payload.  Exploitation requires the attacker to have authenticated access to the trading workstation’s filesystem.

 

TT is currently rebuilding the X_TRADER installation packages and, next week (week of April 29th), will release an updated installer that revokes write and delete access on the relevant executables. In the interim, see below for steps to manually remediate this vulnerability.

 

Due to this change, X_TRADER installation and updates now require Administrator privileges in all cases.  As a result, automated installation via TT Update is now deprecated.

 

Firms that repackage X_TRADER are encouraged to verify that their own package prohibits write and delete access to these executables.

Manual remediation steps

Administrators may also address the vulnerability by removing write and delete access for all non-administrators on the Guardian and TT Messaging executables found under the X_TRADER installation root.  For example:

 

REM Start from the X_TRADER installation root.
cd
cd Guardian
REM S-1-5-7 is Anonymous Logon; S-1-1-0 is Everyone.
icacls *.exe /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)
icacls *.dll /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)
REM Windows still allows users to delete files if they have the DC
REM permission on the containing folder.  So we remove DC.
icacls . /deny *S-1-5-7:(dc) /deny *S-1-1-0:(dc)
REM Config subdirectory will now inherit the DC flag from its parent, which
REM breaks the product tables maintained by Guardian.  Add DC back to
REM the Config subdirectory.
icacls Config /grant *S-1-1-0:(dc)
cd ../ttm
icacls *.exe /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)
icacls *.dll /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)
icacls . /deny *S-1-5-7:(dc) /deny *S-1-1-0:(dc)
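One way to check that a workstation or a repackaged install ends up with the permissions described above, as an added PowerShell example that is not TT's code. It assumes the Guardian and ttm folders sit directly under the path passed as -InstallRoot, and it only evaluates ACEs for Everyone, Anonymous Logon, Authenticated Users and BUILTIN\Users, so it approximates effective access rather than computing it for named users or groups.

```powershell
# Added audit example, not vendor code. -InstallRoot is your X_TRADER installation root.
param([Parameter(Mandatory)][string]$InstallRoot)

$Fsr       = [System.Security.AccessControl.FileSystemRights]
$FileMask  = $Fsr::Write -bor $Fsr::Delete          # icacls W and DE
$DirMask   = $Fsr::DeleteSubdirectoriesAndFiles     # icacls DC
$Everyone  = 'S-1-1-0'
$Anonymous = 'S-1-5-7'
# Broad principals: Everyone, Anonymous Logon, Authenticated Users, BUILTIN\Users.
$BroadSids = $Everyone, $Anonymous, 'S-1-5-11', 'S-1-5-32-545'

function Get-ExposedRights {
    # Rights within $Mask that a broad principal is allowed and no Deny ACE blocks.
    param([string]$Path, [int]$Mask)
    $allow = @{}; $deny = @{}
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($BroadSids -notcontains $sid) { continue }
        # Inherit-only ACEs apply to children, not to this object.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        $bucket = if ($ace.AccessControlType -eq 'Deny') { $deny } else { $allow }
        $bucket[$sid] = [int]$bucket[$sid] -bor [int]$ace.FileSystemRights
    }
    $exposed = 0
    foreach ($sid in $allow.Keys) {
        # Deny beats Allow. A Deny on Everyone is applied to every broad SID except
        # Anonymous Logon, which the advisory's commands deny separately.
        $blocked = [int]$deny[$sid]
        if ($sid -ne $Anonymous) { $blocked = $blocked -bor [int]$deny[$Everyone] }
        $exposed = $exposed -bor ($allow[$sid] -band (-bnot $blocked) -band $Mask)
    }
    return $exposed
}

$findings = foreach ($dir in 'Guardian', 'ttm') {
    $folder = Join-Path $InstallRoot $dir
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) { Write-Warning "Not found: $folder"; continue }
    $targets = @([pscustomobject]@{ Path = $folder; Mask = $DirMask })
    $targets += @(Get-ChildItem -LiteralPath $folder -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object { [pscustomobject]@{ Path = $_.FullName; Mask = $FileMask } })
    foreach ($t in $targets) {
        $bits = Get-ExposedRights -Path $t.Path -Mask $t.Mask
        if ($bits) { [pscustomobject]@{ Path = $t.Path; Exposed = [System.Security.AccessControl.FileSystemRights]$bits } }
    }
}
$findings | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit so a packaging pipeline can fail the build
```

An empty result means no write, delete or delete-child right remains open to those four principals on the two folders and their .exe and .dll files.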

 

If you no longer wish to receive Customer Advisories, please Unsubscribe.

Missing Fills on BrokerTec Gateways

Please be advised that there is a known issue that can cause BrokerTec fills to be removed from X_TRADER client applications when a client application is closed during the trading session.  We are working with the exchange to address an issue with the structure of their BD6 messages and we await their decision on how they will amend this structure.

Note that the removal of fills will not occur if an X_TRADER client application remains open.  Users who trade BrokerTec contracts are advised to remain logged in to their client applications and to not log off in the middle of the trading session to avoid this issue.

 


Second Quarter 2019 License Updates

Updated and amended second quarter license files have been distributed to TT customers. Please contact your TT Sales representative if you have not received your license file. The new file must be installed via Guardian prior to April 15, 2019, or you will not be able to trade.

Customer environments managed by TT via the TTNET or ASP hosted solution do not need to take any action, as all license updates are handled by TT; however, any past-due balances are still payable per the terms of your contract.

Please contact TT Support if you experience any installation problems.
