Advisories

Keep informed of topics that impact X_TRADER® trading environments. Visit the TT app's Message Center to access TT platform advisories.

Due to the observance of the Memorial Day Holiday, CME day orders placed on Sunday, May 26th will be for the trade date of Tuesday, May 28th and will not expire until Tuesday’s close.

 

In order to maintain fill records over this extended session, the TT CME Fill Server must be configured to not roll over on Monday, May 27th.  To perform this configuration change, open the TTconfigCME_Rollover_Schedule.ini file and comment out Monday’s line.

 

#sunday = 22:37:00,21:37:00

#monday= 22:37:00,21:37:00

tuesday= 22:37:00,21:37:00

wednesday= 22:37:00,21:37:00

thursday= 22:37:00,21:37:00

friday= 22:37:00,21:37:00

#saturday= 22:37:00,21:37:00

 

Revert this configuration change on Tuesday, May 28th.

 

Important Notes

  • This configuration change will impact all products that trade via TT CME Gateways.  If any contracts are not observing adjusted trade dates due to the holiday, fill records for those contracts will remain visible over multiple trade dates.
  • Customers using Drop Copy FIX Adapters should verify that their systems will not pull fill records in a way that will result in the same fill being pulled twice, as fill records will not be purged on Monday as usual.

For more information regarding the exchange schedule please click here, and refer to the “Compact Excel” file for the Memorial Day Holiday.

 

NOTE: Due to CME’s observance of the following holidays in 2019, “TT CME Fill Server” configuration changes must be carried out for each holiday.  We will send updated Customer Advisories in the days leading up to each, which will include specifics for that particular holiday.

  

US Holiday          Date
Independence Day    July 4, 2019
Labor Day           September 2, 2019
Thanksgiving        November 28, 2019
Christmas Day       December 25, 2019
New Year’s Day      January 1, 2020

Should you have any questions, please contact your local TAM.

UPDATE: Privilege escalation vulnerability in X_TRADER installation

On Friday, April 26, CA010-19 was sent to summarize a privilege escalation vulnerability.  X_TRADER 7.17.87p603 will be released shortly, which includes an updated installer that revokes write and delete access on the necessary executables.  Customers are encouraged to upgrade to this version to address this vulnerability.

 

Note that the original examples provided in CA010-19 to manually remove write and delete access for all non-administrators should not be used.  Please reference the amended example at the end of this Advisory.

 

Additional details on the vulnerability and new X_TRADER package

 

X_TRADER installs several system services, such as Guardian, GuardianCtrl and TT Messaging (“TTM”).  These system services run as NT AUTHORITY\SYSTEM, granting them local administration rights.  However, the underlying executable files are writable by unprivileged users.  Thus, someone with authenticated write access to the trading system’s file system can replace the executables with a malicious payload that will execute with local system privileges.

 

These services genuinely need administrative rights.  For example, TTM creates raw sockets for Pragmatic General Multicast (“PGM”), since Windows does not provide an OS-native PGM implementation.  To open raw sockets, programs must have administrative rights. Because these services require administrative rights to function properly, it is not possible to change their service definitions to use a non-privileged account.

 

To address this potential privilege escalation vulnerability, TT has modified the X_TRADER installation to apply Access Control Lists (“ACLs”) to the Guardian and TTM executables.  The ACLs prevent anyone from writing to, renaming, or deleting the executables. X_TRADER component installation now requires administrator privileges on every install or update; the TT Update tool is now deprecated, because it runs in the context of the user, not an administrator.

 

The X_TRADER installers know about these ACL modifications, and work correctly when performing a re-install or update.  However, they are unable to register these ACL changes with the Windows uninstaller framework. Thus, even running as an administrator, uninstalling X_TRADER will not delete the affected executable files.  To assist in uninstalling, the installer now places an UninstallHelper.exe program in the root of the TT installation directory.  This program requires administrator privileges to run, and will revert the ACL changes made by the installer.  To uninstall X_TRADER, please run the helper program before attempting to uninstall X_TRADER itself.

 

TT understands that many of our customers re-package X_TRADER, or may have other frameworks in place to centralize ACL management.  If an administrator wishes to manage the ACLs on these system service executables themselves, they may use group policy to add a new registry key that will prevent the installer from applying any ACL changes.  Only administrators may modify this registry key; by default, normal users only have read access to the “Policies” section of the registry.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Trading Technologies]

"InstallWithNoPermissions"="1"

 

For administrators that script their X_TRADER installations and wish to disable the installer’s ACL handling, the new TT installers also accept a “–noperms” command line option in addition to the group policy registry key.

 

To manually apply the ACL changes made by the installer, execute the following:

 

cd 

cd Guardian

REM Due to icacls’ handling of implicit “S” permission, deny write

REM options explicitly instead of using the generic “W”, as generic “W”

REM also implicitly removes “S”, which makes the file non-readable/executable.

REM Note: when ACLs are subsequently viewed, it will show as generic “W”

REM since the state of “S” is hidden.

icacls *.exe /deny *S-1-5-7:(wd,wa,wea,ad,de) /deny *S-1-1-0:(wd,wa,wea,ad,de)

icacls *.dll /deny *S-1-5-7:(wd,wa,wea,ad,de) /deny *S-1-1-0:(wd,wa,wea,ad,de)

REM Windows still allows users to delete files if they have the DC

REM permission on the containing folder.  So we remove DC. Additionally,

REM remove DE on the containing folder to prevent users from simply renaming

REM the files out of the way.

icacls . /deny *S-1-5-7:(dc,de) /deny *S-1-1-0:(dc,de)

REM Config subdirectory now inherits the -DC,-DE flag from its parent, which

REM breaks the product tables maintained by Guardian.  Explicitly add DC/DE

REM back to the Config subdirectory.

icacls Config /grant *S-1-1-0:(dc,de)

cd ../ttm

icacls *.exe /deny *S-1-5-7:(wd,wa,wea,ad,de) /deny *S-1-1-0:(wd,wa,wea,ad,de)

icacls *.dll /deny *S-1-5-7:(wd,wa,wea,ad,de) /deny *S-1-1-0:(wd,wa,wea,ad,de)

icacls . /deny *S-1-5-7:(dc,de) /deny *S-1-1-0:(dc,de)
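
To check the result of the commands above, or a repackaged install that manages these ACLs itself, the following added PowerShell example (not TT's code) lists any non-administrator principal that still holds the write or delete rights named in this Advisory on the Guardian and ttm folders and their executables. The -InstallRoot parameter and the Get-RiskyAce helper name are assumptions; the check treats any applicable deny entry as overriding an allow and does not expand unmapped generic rights.

```powershell
# Added audit example (not TT's code). -InstallRoot is an assumed parameter:
# the page does not give the X_TRADER installation path.
param([Parameter(Mandatory)] [string] $InstallRoot)

# Rights the amended icacls commands deny: wd, ad, wa, wea, de on the
# executables and dc, de on the containing folder.
$FileMask   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete'
$FolderMask = [int][System.Security.AccessControl.FileSystemRights]'DeleteSubdirectoriesAndFiles, Delete'

# SYSTEM and BUILTIN\Administrators are expected to keep write access.
$Trusted = 'S-1-5-18', 'S-1-5-32-544'

function Get-RiskyAce {   # hypothetical helper name
    param([string] $Path, [int] $Mask)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Inherit-only entries do not apply to the object itself, so skip them.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { -not ($_.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) }

    # Collect the denied rights per SID.
    $deny = @{}
    foreach ($r in $rules | Where-Object AccessControlType -eq 'Deny') {
        $sid = $r.IdentityReference.Value
        $deny[$sid] = [int]$deny[$sid] -bor [int]$r.FileSystemRights
    }

    foreach ($r in $rules | Where-Object AccessControlType -eq 'Allow') {
        $sid = $r.IdentityReference.Value
        if ($Trusted -contains $sid) { continue }
        # A deny for Everyone (S-1-1-0) applies to every principal.
        $denied = [int]$deny[$sid] -bor [int]$deny['S-1-1-0']
        $left = [int]$r.FileSystemRights -band $Mask -band (-bnot $denied)
        if ($left) {
            [pscustomobject]@{ Path = $Path; Sid = $sid
                               Rights = [System.Security.AccessControl.FileSystemRights]$left }
        }
    }
}

foreach ($dir in 'Guardian', 'ttm') {
    $folder = Join-Path $InstallRoot $dir
    Get-RiskyAce -Path $folder -Mask $FolderMask
    Get-ChildItem -LiteralPath $folder -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object { Get-RiskyAce -Path $_.FullName -Mask $FileMask }
}
```

Each row of output is a path where a non-administrator SID still holds one of the listed rights; no output means none were found under these assumptions.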

 

If you no longer wish to receive Customer Advisories, please Unsubscribe.

Privilege escalation vulnerability in X_TRADER installation

Current versions of X_TRADER contain an installer with a privilege escalation vulnerability.  Executables that run as local system services are installed with insecure file permissions, allowing a non-privileged attacker to replace them with a malicious payload.  Exploitation requires the attacker to have authenticated access to the trading workstation’s filesystem.

 

TT is currently rebuilding the X_TRADER installation packages, and will release an updated installer that revokes write and delete access on the relevant executables next week (week of April 29th).  In the interim, see below for steps to manually remediate this vulnerability.

 

Due to this change, X_TRADER installation and updates now require Administrator privileges in all cases.  As a result, automated installation via TT Update is now deprecated.

 

Firms that repackage X_TRADER are encouraged to verify their own package prohibits write and delete access to these executables.

Manual remediation steps

Administrators may also address the vulnerability by removing write and delete access for all non-administrators on the Guardian and TT Messaging executables found under the X_TRADER installation root.  For example:

 

cd

cd Guardian

icacls *.exe /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)

icacls *.dll /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)

REM Windows still allows users to delete files if they have the DC

REM permission on the containing folder.  So we remove DC.

icacls . /deny *S-1-5-7:(dc) /deny *S-1-1-0:(dc)

REM Config subdirectory will now inherit the DC flag from its parent, which

REM breaks the product tables maintained by Guardian.  Add DC back to

REM the Config subdirectory.

icacls Config /grant *S-1-1-0:(dc)

cd ../ttm

icacls *.exe /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)

icacls *.dll /deny *S-1-5-7:(w,de) /deny *S-1-1-0:(w,de)

icacls . /deny *S-1-5-7:(dc) /deny *S-1-1-0:(dc)

 


Missing Fills on BrokerTec Gateways

Please be advised that there is a known issue that can cause BrokerTec fills to be removed from X_TRADER client applications when a client application is closed during the trading session.  We are working with the exchange to address an issue with the structure of their BD6 messages and we await their decision on how they will amend this structure.

Note that the removal of fills will not occur if an X_TRADER client application remains open.  Users who trade BrokerTec contracts are advised to remain logged in to their client applications and to not log off in the middle of the trading session to avoid this issue.

 


Second Quarter 2019 License Updates

Updated and amended second quarter license files have been distributed to TT customers. Please contact your TT Sales representative if you have not received your license file. The new file must be installed via Guardian prior to April 15, 2019, or you will not be able to trade.

Customer environments managed by TT via the TTNET or ASP hosted solution do not need to take any action, as all license updates are handled by TT; however, any past due balances are still payable per the terms of your contract.

Please contact TT Support if you experience any installation problems.
