Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. The attack is so simple that a hacker with low privileges can set up fake updates that can be installed automatically by connected machines. Windows Server Update Services (WSUS) does not use SSL encrypted HTTPS delivery for the SOAP (Simple Object Access Protocol) XML service instead, it uses the non-encrypted HTTP web service. A malicious attacker can inject malware into SOAP XML communication between the WSUS server and the client and making it look purely authentic.
Source: https://thehackernews.com/2015/08/windows-update-malware.html