FYI: DNS Security update 953230 reserves 2500 random UDP ports. Can break things
2003 more affected, but can bite 2008 as well.
Spotted on Sans.org:
When Good Patches go Bad
MS KB: You experience issues with UDP-dependent network services after you install DNS Server service security update 953230
What, you say? Random, as in picked randomly, before other services start, without regard for what else is installed on the server Yup. But surely they reserve the UDP ports commonly seen by other apps, or at least UDP ports used by native Microsoft Windows Server services? Nope"