Microsoft today disclosed a security vulnerability that could lead to remote code execution — someone taking unwanted control over a PC or server — affecting several versions of Windows.

The security issue affects Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

“The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft explained in its security bulletin on the disclosure. Adobe and Microsoft jointly work on the OpenType file format.

Patches for the vulnerability are available and will be rolled out to most Windows users who accept automatic updates. For those who don’t have that option turned on, Microsoft has several workarounds available.

Usually Microsoft comes out with fixes to security issues on Tuesdays — hence the term Patch Tuesday. This one’s falling on a Monday.

The news comes just a few days before Microsoft launches Windows 10 on July 29.