An Excel XLL file is a an add-in file that allows third parties to add extra functionality to Microsoft Excel – pretty useful. But of course the threat actors have extended that third party functionality to include malware.
Now, just like with macros, Microsoft is blocking XLL files, originating from the internet from the internet, by default. If you need this functionality your IT department will need to enable it for you.
Microsoft to block Excel XLL files from the internet • The Register
But of course when Microsoft closes one hacking door, the threat actors go looking somewhere else – such as OneNote .ONE attachments.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Now OneNote is an attack vector