I can go on explaining why you should switch over your WSUS Server to SSL so that you can mitigate Man-In-The-Middle (MITM) attacks, but sometimes it’s better to show you.
The following video is worth the watch as they explain exactly how relatively easy it is to take over a network by just having access to it with a WSUS Server that does not have SSL Enabled.
From Blackhat USA 2015 – WSUSpect – Compromising The Windows Enterprise Via Windows Update
Please, everyone, mitigate this risk and switch your WSUS to SSL. This does NOT mean that you can turn off HTTP as communication between clients and the WSUS server use both http and https much like FTP uses port 20 (data) and 21 (command channel).
I follow a really smart guy named Emin Atac and he posted a simple PowerShell method of switching your WSUS Server to use SSL with a self-signed Certificate. Of course if you have an internal CA, utilize that for the creation of your certificates as it is already a trusted authority by your systems. Another alternative is to buy a public certificate, but make a note that public certificates cannot include .LOCAL addresses anymore and require fully qualified domain names (FQDNs) which is not a problem if you have been following this guide.
