Researchers at Black Hat found a weak spot in some WSUS configurations that could allow an attacker to compromise any server or desktop in an enterprise. An attacker who manages to get a malicious update into an organization via WSUS, could do anything from remove, downgrade or stop patches from being installed to getting full control over servers and desktops. Microsoft acknowledged and said that it recommends enterprise admins turn on SSL for machines doing the update, a process that cannot be automated. The only prerequisite for the attack is to already be on the network.
Source: https://threatpost.com/manipulating-wsus-to-own-enterprises/114168/