services / Azure / DNS SRV record set
An authoritative DNS SRV record set within an Azure public DNS zone. SRV records advertise the host and port that back named services (e.g. SIP, LDAP, autodiscover) for the domain.
DNS record data is public: it is published and resolvable by design. Write/delete control over the record set determines where service-discovery clients are routed.
Microsoft.Network/dnszones/SRV/write
Creating or replacing SRV records repoints service-discovery lookups to attacker-controlled hosts and ports, hijacking how clients locate and reach the domain's services.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog