The problem is on ZA, not into MS updates...
According to the German site Heise Security the problem lies in the personal firewall expecting dns queries only from one udp port. The windows update randomizes the source port for udp queries. Heise Security suggests an allow rule for the firewall, which allows udp-packets from any port to port 53 of the dns server and the respective answers.
Tech,
I take it that you claim ZA "randomizes the source port for udp queries". You did say "The problem is on ZA, not into MS updates...", but the article said "The
windows update randomizes the source port for udp queries." ZA does need to upgrade their fw to be compatable with the Windows update, then the
problem created by the Windows update will be fixed.