An excerpt from Microsoft's documentation:
Regardless of how the content is delivered, once it has been downloaded, it is properly validated. Content is validated for trust, integrity, and intention using various techniques such as digital signature validation and file hash checks. This level of content validation provides even more layers of security than TLS alone.
As for why Microsoft chose this method:
Downloads are load balanced through Content Delivery Networks (CDN), so using TLS would break their Microsoft chain-of-custody. Because a TLS connection to a caching CDN terminates at the CDN, not Microsoft, TLS certificates aren't Microsoft specific. This means that the WU client can't prove the trustworthiness of the CDN as Microsoft doesn't control CDN TLS certificates. Additionally, a TLS connection to a CDN doesn't prove content hasn't been manipulated within the CDN's caching network. Therefore, TLS doesn't offer any of the security promises to the end-to-end Windows Update workflow that it otherwise provides.
tl;dr: Microsoft doesn't bother with HTTPS as Windows does its own end-to-end verification of the download, and since HTTPS would just be connecting you to the third party CDN, it doesn't help verify the authenticity of the updates.
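The pattern the excerpt describes, as an added example that is not Microsoft's code or part of the quoted documentation: the client pins the publisher's key and checks a signed hash of the payload, so a cache that alters the file or substitutes its own metadata is rejected whatever transport was used. Ed25519, SHA-256, the `Manifest` type and all function names are assumptions for illustration; the page does not say which algorithms or formats Windows Update uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is hypothetical publisher-signed metadata for one payload.
type Manifest struct {
	Digest [32]byte // SHA-256 of the payload as the publisher built it
	Sig    []byte   // publisher's signature over Digest
}

// NewKey generates a publisher key pair (nil selects crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish runs on the publisher side, before anything reaches a CDN.
func Publish(priv ed25519.PrivateKey, payload []byte) Manifest {
	d := sha256.Sum256(payload)
	return Manifest{Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// Verify runs on the client after download. It trusts only the pinned
// publisher key, never the server or cache that delivered the bytes.
func Verify(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, m.Digest[:], m.Sig) {
		return errors.New("manifest not signed by pinned publisher key")
	}
	if sha256.Sum256(payload) != m.Digest {
		return errors.New("payload hash does not match signed digest")
	}
	return nil
}

func main() {
	pub, priv := NewKey()
	payload := []byte("constructed update payload") // constructed sample
	m := Publish(priv, payload)
	fmt.Println("intact:", Verify(pub, m, payload))
	payload[0] ^= 1 // simulate modification inside a cache
	fmt.Println("modified:", Verify(pub, m, payload))
}
```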