Interesting write up on the events that caused the patch to be created here,
http://blog.washingtonpost.com/secur...et_tues_1.html. Although I still don't understand what went wrong, or what is being fixed.
The ZoneAlarm lock out isn't mentioned until the final paragraph. And given some of the quotes, it seems safe to hold off on the patch for a few days.
Kaminsky said while end users should be concerned about this flaw, they shouldn't panic, and there is no evidence to date that hackers have figured out how to exploit the DNS vulnerability.
"No one needs to ring up their ISP's call centers saying 'Why isn't this patched yet?'" he said.