services / Azure / Private DNS SRV record set
An SRV (service-location) record set within an Azure Private DNS zone. Each record in the set advertises the priority, weight, port and target host of an internal service (e.g. LDAP, SIP, Kerberos) to resources in virtual networks linked to the zone.
Clients that discover services through SRV lookups (for example the domain-controller locator used by Kerberos and LDAP clients) connect to whatever host and port the records name; an identity that can modify the records can redirect that client traffic to attacker-controlled endpoints.
Microsoft.Network/privateDnsZones/SRV/delete
Deleting the record set removes every SRV record under that name, so dependent clients can no longer locate the service once any cached answers reach their TTL. The result is a denial of service for the applications that depend on the record set, lasting until it is recreated; in a Private DNS zone this also affects every virtual network linked to the zone, not a single host.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
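Two checks a reviewer of this privilege usually wants are (1) whether a given role definition actually grants Microsoft.Network/privateDnsZones/SRV/delete, which is rarely listed verbatim and is usually inherited through a wildcard such as Microsoft.Network/*, and (2) whether the Activity Log shows the deletion happening. The following is an added example, not code from the IAM Privilege Catalog or from P0 Security. It assumes Azure RBAC semantics in which action strings are compared case-insensitively and '*' matches any run of characters including '/', and it assumes the Azure Monitor Activity Log JSON shape (operationName.value, caller, resourceId, status.value, eventTimestamp). The role definitions, zone name and log entries are constructed sample data modelled on the built-in roles; confirm real definitions with `az role definition list`.

```python
"""Helpers for reviewing Microsoft.Network/privateDnsZones/SRV/delete.

Added example; not code from the IAM Privilege Catalog. Assumptions:
- Azure RBAC action strings match case-insensitively and '*' matches any
  run of characters, including '/', so '*/read' covers every read action.
- Activity Log entries follow the Azure Monitor schema (operationName.value,
  caller, resourceId, status.value, eventTimestamp).
- Role definitions and log entries below are constructed sample data
  modelled on built-in roles, not copies of Microsoft's definitions.
"""
import re

SRV_DELETE = "Microsoft.Network/privateDnsZones/SRV/delete"


def action_matches(pattern: str, action: str) -> bool:
    """Azure RBAC wildcard match: each '*' in the pattern may stand for any
    characters, including path separators (assumption stated above)."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def role_grants(role: dict, action: str = SRV_DELETE) -> bool:
    """True if `role` grants `action`: some Actions pattern matches it and no
    NotActions pattern carves it back out. DataActions are ignored because
    deleting a record set is a control-plane (ARM) operation."""
    allowed = any(action_matches(p, action) for p in role.get("actions", []))
    denied = any(action_matches(p, action) for p in role.get("notActions", []))
    return allowed and not denied


def find_srv_deletions(entries: list) -> list:
    """Return (timestamp, caller, resourceId) for each successful SRV record
    set deletion in a list of Activity Log entries. Failed attempts (e.g. a
    403 for a caller lacking the permission) are deliberately excluded here
    and should be alerted on separately."""
    hits = []
    for e in entries:
        op = e.get("operationName", {}).get("value", "")
        status = e.get("status", {}).get("value", "")
        if op.lower() == SRV_DELETE.lower() and status == "Succeeded":
            hits.append((e["eventTimestamp"], e["caller"], e["resourceId"]))
    return hits


# Constructed role definitions (patterns modelled on built-in roles).
READER_LIKE = {"actions": ["*/read"], "notActions": []}
NETWORK_CONTRIBUTOR_LIKE = {"actions": ["*/read", "Microsoft.Network/*"], "notActions": []}
PRIVATE_DNS_ZONE_CONTRIBUTOR_LIKE = {"actions": ["Microsoft.Network/privateDnsZones/*"], "notActions": []}
# A least-privilege custom role: may read and write record sets but never delete them.
DNS_RECORD_EDITOR = {
    "actions": ["Microsoft.Network/privateDnsZones/*"],
    "notActions": ["Microsoft.Network/privateDnsZones/*/delete"],
}

# Constructed zone resource ID (subscription ID is a placeholder).
ZONE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-core"
        "/providers/Microsoft.Network/privateDnsZones/corp.internal")

# Constructed Activity Log entries.
SAMPLE_LOG = [
    {   # successful deletion of the Kerberos SRV record set: the event to alert on
        "eventTimestamp": "2024-05-01T10:15:00Z",
        "caller": "svc-dns-automation@corp.internal",
        "operationName": {"value": "Microsoft.Network/privateDnsZones/SRV/delete"},
        "resourceId": ZONE + "/SRV/_kerberos._tcp",
        "status": {"value": "Succeeded"},
    },
    {   # denied attempt by a caller without the permission
        "eventTimestamp": "2024-05-01T10:16:00Z",
        "caller": "alice@corp.internal",
        "operationName": {"value": "Microsoft.Network/privateDnsZones/SRV/delete"},
        "resourceId": ZONE + "/SRV/_ldap._tcp",
        "status": {"value": "Failed"},
    },
    {   # ordinary write, not a deletion
        "eventTimestamp": "2024-05-01T10:17:00Z",
        "caller": "svc-dns-automation@corp.internal",
        "operationName": {"value": "Microsoft.Network/privateDnsZones/SRV/write"},
        "resourceId": ZONE + "/SRV/_sip._tcp",
        "status": {"value": "Succeeded"},
    },
]

if __name__ == "__main__":
    roles = [("reader-like", READER_LIKE),
             ("network-contributor-like", NETWORK_CONTRIBUTOR_LIKE),
             ("private-dns-zone-contributor-like", PRIVATE_DNS_ZONE_CONTRIBUTOR_LIKE),
             ("dns-record-editor", DNS_RECORD_EDITOR)]
    for name, role in roles:
        print(f"{name}: grants SRV delete = {role_grants(role)}")
    for ts, who, rid in find_srv_deletions(SAMPLE_LOG):
        print(f"{ts} {who} deleted {rid}")
```

The NotActions pattern in the constructed DNS_RECORD_EDITOR role is the shape of the least-privilege fix: a team that only needs to update SRV targets can keep Microsoft.Network/privateDnsZones/* while the delete operations are carved out, and a deletion then appears in the Activity Log as a Failed entry rather than a Succeeded one.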
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog