diff --git a/Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst b/Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst
new file mode 100644
index 00000000000000..9d190539b3586a
--- /dev/null
+++ b/Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst
@@ -0,0 +1 @@
+A regex pattern in the purge script (which is only used internally for creating Windows installers) was vulnerable to regex denial of service.The pattern was changed to fix this.
diff --git a/Tools/msi/purge.py b/Tools/msi/purge.py
index a8b8f4d8973c40..27b6b054a445ad 100644
--- a/Tools/msi/purge.py
+++ b/Tools/msi/purge.py
@@ -12,7 +12,7 @@ from urllib.request import *
-VERSION_RE = re.compile(r'(\d+\.\d+\.\d+)(\w+\d+)?$')
+VERSION_RE = re.compile(r'(\d+\.\d+\.\d+)([A-Za-z_]+\d+)?$')
 try:
 m = VERSION_RE.match(sys.argv[1])
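Review bot: Nothing at the `VERSION_RE` definition records why the suffix group is now `[A-Za-z_]+\d+`, so a later cleanup could widen it back to `\w+` and reintroduce the overlap with `\d+` that made the old pattern backtrack. A comment above the assignment would pin this, for example `# Suffix letters and digits use disjoint classes to avoid quadratic backtracking (bpo-41712); do not widen to \w.` Separately, `\d` in a str pattern still accepts non-ASCII decimal digits and `$` also matches just before a trailing newline. If the matched groups are later used to build paths or URLs (not visible in this hunk), compiling with `re.ASCII` and ending the pattern in `\Z` would make the check stricter. The `try:` block that consumes the match continues outside the hunk.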