Downloading a Windows update can be a gamble these days, but this week’s Windows 10 “Patch Tuesday” feels more important than most. The update includes plenty of important security fixes, including patches for two actively exploited vulnerabilities in the Windows Adobe Type Manager that affect all Windows 10 users.

The two vulnerabilities in question—listed as CVE-2020-1020 and CVE-2020-0938—could let hackers remotely run malicious code and even install malware programs embedded in a document or webpage’s font files. A user doesn’t even have to open an infected document to be exposed to the attack. Simply previewing the file in Windows Explorer is enough to run any malicious code found within. The threat is severe enough that even the U.S. government is telling people to run this update.

CVE-2020-1020 and CVE-2020-0938 have been actively exploited by hackers since at least March, but Microsoft has been unable to fix the issue until this week’s patch. The patch also fixes 133 other security issues, 15 of which Microsoft identified as potential threats. You can read the full patch notes here for full details on all of the fixes.