This month’s Security Tuesday only includes one bulletin: 04-026. It fixes a cross-site scripting/script injection vulnerability in Exchange 5.5’s Outlook Web Access component. If you’re using OWA 5.5, a) you should get this fix and b) you should probably be upgrading.
That’s not just because I like new shiny things; it’s because OWA 2000 and 2003 have a number of security features that either require third-party add-ons or can’t be implemented at all in 5.5. Attachment blocking, freedoc control, and support for S/MIME are my three favorites, but chapter 14 of my book discusses all of the new features in much more detail.
Paul's Down-Home Page 
Exchange 5.5 related Security Bulletin – 04-026
Exchange 5.5 related Security Bulletin (04-026)