Microsoft Update KB951748 and ZoneAlarm woes


Update: There is now a fix for this issue, see my blog post: Fix for MS Update KB951748 and ZoneAlarm.

Well, that was a quick break from blogging! Actually, it was my experience with Windows Update and the ZoneAlarm firewall today that’s brought me out from my self-imposed blogging exile this week.

I’ll cut to the chase: ZoneAlarm + Security update for Windows (KB951748) = no internet connection.

This is how ZoneAlarm themselves put it:

Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users.

The problem

Basically, this software update is designed to fix vulnerabilities when you’re surfing the Web. It updates a handful of files that are associated with connecting to the internet, including a few to do with TCP/IP which is one of the standard ways that computers can connect to the internet and one another.

Or, here’s how Microsoft put it in Microsoft Security Bulletin MS08-037:

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

And somehow this update has confused the ZoneAlarm firewall into preventing any connection to the Web. Well, not strictly any connection as I could still ping sites, but that quickly gets tiresome.

That’s a bit like wanting to go shopping, but not being allowed out of the house, so instead you just phone round the shops you wanted to visit to find out if they are open.


ZoneAlarm offer three workarounds:

  1. Uninstall the hotfix (recommended)
  2. Add your DNS servers to the trusted zone in ZoneAlarm (advanced)
  3. Reduce Internet Zone Security level to Medium (not recommended)

Uninstalling KB951748

I wasn’t going to try #3 (although I tested it and it does work); I tried #2 … it didn’t work; so I was left with no option but to uninstall the so-called security fix.

  1. Click the “Start Menu”
  2. Click “Control Panel”, or click “Settings” then “Control Panel”
  3. Click on “Add or Remove Programs”
  4. On the top of the add/remove programs dialog box, you should see a checkbox that says “show updates”. Select this checkbox
  5. Scroll down until you see “Security update for Windows (KB951748)”
  6. Click “Remove” to uninstall the hotfix

Hopefully ZoneAlarm will have a fix soon. I just checked the ZoneAlarm forums and funnily enough it looks quite popular today: “There are currently 132 members online and 22375 guests”.

Still, if you have installed KB951748 — a number that I think I’m now going to see in my sleep tonight; and I’ve been having enough weird dreams this week — and have ZoneAlarm installed, and have rebooted your PC, and you can’t connect to the internet … I do hope you can somehow download this information telepathically.

Such is the irony that the internet contains a whole load of information about how to fix internet connection problems … if only you could connect to it to read that information. There’s a hole in my bucket … !

Published by

Gareth Saunders

I’m Gareth J M Saunders, 52 years old, 6′ 4″, father of 3 boys (including twins). Enneagram type FOUR and introvert (INFP), I am a non-stipendiary priest in the Scottish Episcopal Church, I sing with the NYCGB alumni choir, play guitar, play mahjong, write, draw and laugh… Scrum master at Safeguard Global; latterly at Sky and Vision/Cegedim. Former web architect and agile project manager at the University of St Andrews and previously warden at Agnes Blackadder Hall.

33 thoughts on “Microsoft Update KB951748 and ZoneAlarm woes”

  1. Pingback: ZoneAlarm + KB951748 = no connection « Another Potting Shed
  2. I’m glad I came across your post, just in the nick of time before I turned into a Microsoft basher…. “they broke my computer too!”. I used the system restore point to take XP back to a functioning internet stage, needless to say I won’t be installing KB951748 anytime soon.

    Thanks for the other options, I couldn’t for the life of me remember how to uninstall updates. Excellent.

  3. Thanks for confirming things. Nice to know it’s Zonealarm. First time I used ‘restore’ but it took the machine into some space known only to Packard Bell! Seemed to have lost all IE addresses… later somehow they returned. Since then I’ve erased several times using ‘add remove programs’ – but when it comes to shutting down, every time it wants to reinstall it!! It must be on the machine and wants space. HELP!!

  4. Thanks for the nicely written blog. I had put 2 & 2 together and uninstalled KB951748 from both my laptop and my home PC and got them both working again but “had a need” to understand why. Thanks for the explanation. I had no idea that it was ZA’s involvement. Again, thank you!

  5. Thanks for confirming what went wrong. After much frustration and being unable to ‘Google’ my lack of access. I thought it must be the updates, so I ‘restored’ to before they were installed and all was well again.
    I have some computer knowledge… I worry what the average user does in these circustances??????

  6. thank God I have 1 Win2K pro machine left…it was the only one out of 4 XP updated machines that still connected! Great explanation, but you’d think MS would have test this update on one of the more popular firewalls out there before releasing it to cause mayhem…

  7. I had the same problem but caught on real guick to uninstall Security Update KB951748 and all was good again. My son on the other hand wasn’t so lucky and still trying to figure this out.
    He uninstalled KB951748 but no change. He tried a restore to an earlier date ( 3 different dates before the date of the update ) but each time just as windows xp is almost booted in , it said it couldn’t restore to that date and reset to the original date. Before KB951748 everything worked fine for him. This was all done over the phone for him but will need to go there tomorrow to check it out. Any suggestions on this one????

  8. Excellent advice, works a treat after several hours last night spent thinking it was something I had done. Good job I had access to a second PC at work to look this up and call home.

  9. its one thing installing the update and getting this connection problem, my main concern is all the fixes given to solve it on this forum ,and many others ive looked at over the last 24 hrs.
    my problem is ” i dont have zonealarm” ?? i use windows firewall and avast anti virus, ive taken out the update, also done a system restore, still getting it,also, one of my friends are using “comodo” firewall and they have the same problems.
    so has anyone got a solution for a non zonealarm user ??

  10. May I add 2 more actions that need to be done after you have completed the paragraph ‘Uninstalling KB951748’?

    1. Uninstall KB951748 (as detailed above).

    2. You probably have Windows Updates set to download updates automatically in the background, when you are online. So after you have uninstalled KB951748, Windows will automatically download and reinstall KB951748 again quietly in the background so when you next reboot your PC you won’t be able to go online again.
    Back to the begining, para 1 above! But this time go to Control Panel / Automatic Updates and select ‘Notify me but don’t automatically download or install them’.
    This puts you back in control and before long you will see the yellow shield in your system tray to tell you that KB951748 is waiting to be downloaded. Obviously don’t! Hopefully MS or Zonealarm will come up with a fix in a few days.

    3. Spread the Word. There will be many thousands of confused and cross PC users who don’t know what has robbed them of their internet/email connection (let alone know how to find a solution even if they had an internet connection).
    By letting every computer user you can think of know that you have a solution in case they, or anyone they know, has the problem, you can achieve mini-saviour status and make some long-overdue neighbourly introductions and friends/family phone calls.
    Talk about clouds and silver linings!

  11. Working from a telco company. Basically I told all my confused users who call up to disable Zone Alarm, which does restore the connection but leaves them at risk. Now there is a better solution, I can better serve my customers. Great write up !

  12. I am glad I am not the only one to Install, Restore, Install and finally restore again!.

    I tried option 2 but that didn’t work, so it is option 1. Automatic updates are already disabled.

    Doesn’t Microsoft have some responsibility for sorting this out? It was their fix which fouled things up!

  13. This was the push I needed to move to Comodo! Been meaning to switch since it is a superior firewall as well as being free. Thanks MS 🙂

  14. Five minutes after the update, we received tons of NDR dumps from all over in Outlook mailboxes. They were NDR’s that were, in some cases, months old and had already been delivered. Anyone have any ideas. Has this update negative impacted Exchange servers?

  15. Thank you for posting this issue + solution, Gareth.
    It has saved me a lot of time.

    Also , to PeterS – great with links 🙂

  16. @PeterS Good point about setting Automatic Updates to inform you rather than letting it loose on your system.

    I forgot to mention that because it’s one of the first things that I do when I set up a new system, or reinstall XP.

    Nice to see there’s a fix now … just about to check it works!

  17. (KB951748) was installed and is listed in my “windows update history” as being installed.

    Even though I check mark the “show updates” in “add remove software” no “Security update for Windows (KB951748)” shows.

    In fact no security updates at all show up in “add remove software”.

    Why not?

  18. Yes I had to fix ONLY 5 PC’s yesterday from this ISSUE..
    for those of you that said “we need to hold MS responsible for this problem” GOOD LUCK .. this is why I don’t like MS (Mirco Soft) and Bill Gates!
    They have over the years not given a hoot about 3rd party software, the people that sell, write, or USE IT!
    As Bill Gates sees it you should be using 100% MS software from him… as is he don’t have enough money..
    NOW YOU KNOW WHY there are so many hackers, virus etc… created to just take down MS software… they KILLED THE AMIGA Computer MANY years ago.. maybe before some of you born… this Computer was the first to have GUI (like windows) interface and was kicking ass over MS op system when it was DOS Based… he also was going to take down MAC but if that happen the court’s said MS would have to split up… so he keeps it alive.. just a bit of history on Bill Gates OP system….
    it’s created with errors in it so WE all have to keep buying his hmmm stuff…
    so good luck holding MS responsible for your time, troubles and pains or DAMAGE to your PC… they could care less and “as they put it” we told you this update could make problems… and you clicked on the accept button….
    I see MS is still LAME.. 🙂
    but this is a great POST on the fix.. I had to restore, and re do the “INTERNET CONNECTION” (the way you make connection to the net) Icon and set all that up on all the PC’s to get it to work again…
    I have now turned off AUTO UPDATE… and wonder why I would even need to anymore as I have a firewall router, and software .. DO ANY OF US NEED TO DO THESE UPDATES?

  19. Some time ago a Windows update killed the sound recording on one of my PCs. A while later another update screwed up my email and also my friend’s email. Add to that the necessity to reboot after most updates, (I like standby and hibernate), and I decided to disable Windows updates. For the moment I rely on third party security software (with updates) and some commonsense, but I intend to switch to Linux as soon as I am comfortable with it.

  20. >

    Ding! Been offline since Weds 9th….and driving my internet provider’s data support team mad with “it won’t work” calls constantly since then.

    Had a dream about a windows update last night (strange but absolutely true, I promise!), so this morning I checked my most recent updates, via add/remove p[rogrammes, and there was an update on 9th July, the day I lost my connection. Figured I could re-upload it if Wondoze decided I eally did need it. SO uninstalled the infamous KB951748, with no clue as to its reputation, hit connect, then tried to find a website…and hey presto. Stuck ‘windows update kb951748’ into a search engine and it brought me here…yay!
    No need to phone up my isp and grovel and apologise for giving them 3 days of hell as to why I couldn’t get online….doh!

  21. Thanks for this. I had worked out by a process of elimination that the windows update was the cause of my problems and had un-installed it. The fact that I could still connect to the internet via my IPod Touch confirmed to me that my laptop was the problem rather than my internet connection. I agree with another comment left that microsoft should have tested this on one of the most popular firewalls first.

  22. after deleting kb 951748, then recently found the ZA update, now I can’t download KB 951748, and can’t even use any restore points.

  23. After removing KB951748 everytime I start Office Excel, or Word, (any Office Product) or *Right Click* a file I get Windows Installer starting up.
    And also now .msi installer will not run.
    Hwy would MS force an update as the result of a report from two (2) privately reported vulnerabilities.

    I wonder if they will listen to a suggestion from only 1, ME

  24. Hi again; I repaired Windows Installer by that famous *unreg msiexec.exe* then re registering it……what a mess because of two inputs from WHO??? I havae never seen that problem since using XP-Pro from before it was officioally released and still in Beta.

    I often get the feeling MS is trying to FORCE Vista, well I own Vista and have installed and removed it 4 times………..and it remains un-installed

  25. If you haven’t already seen it, try a search for this text
    “Someone decided to trash the one part of Windows that was usable”
    Apparently we are not the only people unhappy with Windows updates.

  26. I found a workaround to all kinds of problems caused by MS updates. I just switch them OFF completely. Whenever there’s a Service Pack released, I do an integrated install, wipe out the drive and install everything from scratch. No incompatibilities, no conflicts. Currently running XP with SP3 – smooth and reliable.

  27. It ain’t just Zonealarm that this update creates problems with! I installed it on my business PC which only runs the Windows XP firewall and Escan antivirus and ever since all I get is an error message for the network connection saying ” this connection has limited or no connectivity”, very helpful…………NOT!

    Tried to uninstall the update but it just isn’t displayed in the “add/remove programmes” section and yes i have ticked the “display updates” box!

    I think I have big trouble!


  28. I began experiencing Internet connectivity problems several months ago. The problem seems to be connected to a set of .dlls downloaded (by Windows automatic update, I presume) on April 14, 2008. I am unsure of the connection, if any, with KB951748. The problem has progressively worsened to the point I am now totally unable to access the Internet. Windows XP System Restore is defective, as is Undo Restore, since invoking these procedure has created additional problems, including Class Not Registered and flash.ocx error. Various fixes obtained from the Internet and elsewhere have all failed. Has anyone had similar problems? If so, is there a solution? I feel sabotaged by Microsoft’s incompetence.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.