The SDL Regex Fuzzer identifies problematic lines that might cause an application to be susceptible to attacks that consume huge amounts of resources and cause denial-of-service conditions. Microsoft officials say as more and more applications are moved to cloud providers, attackers will focus their attention on those applications in new and profitable ways. A small change to an input string can cause major problems for a regular expression engine. An attacker could provide a relatively short input string and force the engine to process hundreds of millions of paths, tying it up for hours or days.
Source: https://threatpost.com/microsoft-releases-new-regex-fuzzer-101310/74571/