Microsoft announced a security flaw in Exchange 2003. Basically, if you install Windows SharePoint Services (WSS) on an Exchange 2003 back-end, you may be allowing OWA users to access other users' mailboxes. This occurs when Kerberos authentication gets turned off; to fix things, you should make sure that Kerberos is turned back on. You can also turn off connection reuse to fix the problem. The number of affected users is quite small, and it's certainly understandable that MS didn't test this particular configuration, but it's still embarrassing.