Accessing OWA in Exchange 2000 gives me the entire directory

I started having problems with OWA running on Exchange 2000 SP3 after I applied the most recent Windows 2000 security updates (Wednesday, June 30, 2005), called "Update Rollup1 for Windows 2000 SP4". Now, when I try to access OWA from anywhere (inside or outside the firewall), I get a Directory Listing of all the mail boxes. Please help! People need to access their email over the long holiday. Thank you in advance.
aiplaIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aiplaIT ManagerAuthor Commented:
I just uninstalled the recent "Update Rollup1 for Windows SP4" and OWA is working as it should. I don't have time to see what was causing it, but if someone has any ideas on how to get this to work with the update, I'd greatly appreciate it.
As I guess you are aware, this rollup update included the following fixes

of those fixes, the only ones that I would guess could do what you are experiencing would be

MS02-050 Certificate validation flaw could permit identity spoofing 329115
MS04-011 Security Update for Microsoft Windows 835732
MS04-032 Security update for Microsoft Windows 840987

MS03-022 Vulnerability in ISAPI Extension for Windows Media Services may cause code execution 822343
MS03-041 Vulnerability in Authenticode Verification Could Allow Remote Code Execution 823182
MS03-023 Buffer overrun in the HTML converter could allow code execution 823559
MS03-026 Buffer Overrun in RPC May Allow Code Execution 823980
MS03-008 Flaw in Windows Script Engine may allow code to run 814078
MS04-012 Cumulative Update for Microsoft RPC/DCOM 828741
MS05-019 Vulnerabilities in TCP/IP could allow remote code execution and denial of service 893066

you can download and install those patches individually to isolate the problem

so far it looks like you are the only one experiencing this, there is nothing out there at all about it (!) 

once you isolate the offending update, install the rollup and then try to uninstall the individual update (if you know what i mean)

either way, if you do isolate it to a single update, please post it here for the other that will undoubtedly have this issue

hope that helps


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.