"A potential security vulnerability has been identified with two types of optional HP USB Floppy Drive Keys intended for use with certain ProLiant servers," reads the advisory.
"This vulnerability could cause a local 'W32.Fakerecy' or 'W32.SillyFDC' virus infection."
The W32.Fakerecy is written primarily for removable drives and was first reported last year. W32.SillyFDC is also adapted for removable drives but can also be used to download more malicious files onto an infected machine.
"This is a worrying security lapse, especially as it comes from a major global brand with huge resources," said John Hawes, technical consultant at Virus Bulletin.
"Production and release procedures at all serious companies should be locked down tight to prevent this kind of thing – if we can't trust the big boys to keep their systems clean, who can we trust?"
It is not known whether the malware got on the drives as part of a targeted attack against HP’s products or if it was accidentally introduced due to problems on the manufacturer's side with infected machines.