Proxy auto-detection broken by recent Microsoft update

Posted on November 29th, 2012

Recently, Microsoft released a ‘security update’ for .NET Framework 3.51, to address KB2729452. Apparently someone, somewhere, was using proxy auto-detection scripts to somehow compromise a system. Reading the KB, this change doesn’t appear to be a problem for software developers. Unfortunately, this ‘security update’ actually broke legitimate usage for any software that uses HttpWebRequest, which is part of the .NET Framework, and is the normal way to check websites, connect to websites, etc. via code.

A customer recently brought this to my attention, and thankfully was aware that one of the new updates he installed caused the problem. I was able to work-around this problem for him by giving him a special file, but it became clear to me that other customers are likely to have this issue and it will appear as though Overseer simply doesn’t work. So, to work around this breaking change from Microsoft, I’ve added support in Overseer to specify proxy information. I left the option to ‘auto detect'(which used to be what Overseer did), but the default selection is now ‘no proxy’– this is the least problematic setting for most people. Those that have proxies can easily set their proxy information, or attempt auto-detection(which will likely work if this MS Update hasn’t been loaded).