Hundreds of thousands of ZoneAlarm firewall users have been locked out of the internet by Microsoft's latest round of software updates.

Microsoft released four 'important' fixes as part of its regular Patch Tuesday update, one of which left ZoneAlarm users with out web access.

The MS08-037 fix is designed to plug a vulnerability in Windows' implementations of the Domain Name System protocol, but has been responsible for "compatibility issues " with ZoneAlarm.

A spokesman for ZoneLabs, the Check Point subsidiary which manufacturers ZoneAlarm, told vnunet.com that the company became aware of the problem late last night when US users began downloading the Microsoft code.

ZoneLabs advises users of ZoneAlarm to remove the Microsoft update as a workaround until it has created a more satisfactory solution to the problem. The company has set up a forum to help keep users informed.

The forum moderator states: "We are investigating the issue with the Microsoft update KB951748. For the time being we suggest you uninstall KB951748 until the issue has been resolved. We will post when we have more information."

Some users of the firm's forums have discovered that downgrading the firewall's security from High to Medium for the internet fixes the problem, but this is not advised by ZoneLabs.

A user by the name of 'PokeyCA' wrote: "By now, everyone who is using ZA, knows that Microsoft's update KB951748 broke ZA.

"The reason that it broke ZA is that Microsoft had to expand the randomness that the DNS client uses when asking for UDP ports to go to DNS servers.

"ZA only looks for these requests in a certain range of UDP ports, but with the new DNS client (note that IE has not changed, but some of the base networking programs (svchost.exe)), ZA sees requests outside of this range and blocks them. Therefore, Internet is broken.

"Unfortunately, Microsoft didn't tell firewall manufacturers (hardware and software) that they were updating this."