2.9 Security
This section documents WSUS security issues that are not otherwise specified in the technical documents for the member protocols. It does not duplicate what is already in the member protocol technical documents unless there is some unique aspect that applies to WSUS as a whole.
The following high-level threats have to be considered when implementing WSUS:
Man-in-the-middle attacks: An attacker positioned between the communicating parties can tamper with update metadata and administrative intent to deny DSSs or computers the availability of critical or security updates. Therefore, the communication channel used by the member protocols will be secured using SSL.
Spoofing: WSUS identifies computers and DSSs using GUIDs. Given those identifiers, a malicious user can spoof reporting data for DSSs and computers to mask the actual health of the computers. Therefore, the communication channels between update servers, and between update client and update server, will employ some form of authentication to prevent rogue entities from masquerading as valid clients or servers.
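The following is an added example, not part of the WSUS documentation and not WSUS code: a minimal Python model of the spoofing threat above, comparing a server that trusts the GUID in a report with one that also requires a protected, authenticated channel. ReportStore, Channel, Report, the identity names and the GUIDs are hypothetical, and binding a GUID to an authenticated peer is one assumed form of authentication, not the mechanism WSUS specifies.

```python
import uuid
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Channel:
    encrypted: bool               # True if the connection is SSL-protected
    peer_identity: Optional[str]  # identity proven by authentication, else None

@dataclass(frozen=True)
class Report:
    computer_id: uuid.UUID        # GUID the sender claims
    missing_updates: int          # health data carried in the report

class ReportStore:
    def __init__(self, enrolled):
        self.enrolled = dict(enrolled)  # authenticated identity -> assigned GUID
        self.health = {}                # GUID -> last accepted missing-update count

    def accept_guid_only(self, report, channel):
        # Weak policy: the claimed GUID is the only identification.
        self.health[report.computer_id] = report.missing_updates
        return "accepted"

    def accept_authenticated(self, report, channel):
        # Hardened policy: protected channel, authenticated peer, GUID bound to it.
        if not channel.encrypted:
            return "rejected: channel not protected"
        if channel.peer_identity is None:
            return "rejected: peer not authenticated"
        if self.enrolled.get(channel.peer_identity) != report.computer_id:
            return "rejected: GUID not assigned to authenticated peer"
        self.health[report.computer_id] = report.missing_updates
        return "accepted"

def run_scenario(policy_name):
    pc_a = uuid.UUID(int=0xA)  # constructed sample GUIDs and identities
    pc_b = uuid.UUID(int=0xB)
    store = ReportStore({"pc-a.example": pc_a, "pc-b.example": pc_b})
    accept = getattr(store, policy_name)
    first = accept(Report(pc_a, 7), Channel(True, "pc-a.example"))   # genuine report
    second = accept(Report(pc_a, 0), Channel(True, "pc-b.example"))  # pc-b claims pc-a's GUID
    third = accept(Report(pc_a, 0), Channel(False, None))            # unprotected, unauthenticated
    return first, second, third, store.health[pc_a]

if __name__ == "__main__":
    for name in ("accept_guid_only", "accept_authenticated"):
        print(name, run_scenario(name))
```

Under the GUID-only policy the recorded health of the first computer is overwritten by the later reports; under the authenticated policy it keeps the value from the genuine report.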