"Microsoft Plans to Kill Malware Delivery via Excel XLL Add-Ins"

Microsoft plans on introducing XLL add-in protection for Microsoft 365 customers, which will include the automatic blocking of such Internet-downloaded files. This will help combat the increase of malware attacks exploiting this infection vector. Microsoft reports that the new feature will become generally available in March for desktop users in the Current, Monthly Enterprise, and Semi-Annual Enterprise channels. Attackers have exploited XLL add-ins (Excel DLLs) to deliver various malicious payloads as download links or attachments disguised as documents from trustworthy entities, such as business partners, or as fake advertising requests, holiday gift guides, and website promotions. According to Cisco Talos, both financially-motivated attackers and state-backed threat groups, including APT10, FIN7, Donot, and TA410, employ XLLs as an infection vector to deliver first-stage payloads to their targets' devices. This article continues to discuss Microsoft's plans to implement XLL add-in protection for Microsoft 365. 

Bleeping Computer reports "Microsoft Plans to Kill Malware Delivery via Excel XLL Add-Ins"