The servers then exploit the Log4j vulnerability to retrieve and execute an attacker-hosted payload on both the server as well as connected vulnerable clients, according to Microsoft.