This is not too cheery. And given how slow Samsung AND T-mobile have been, this could get rather interesting as the silent days roll out into silent weeks.
The quick version: ANY malicious App, including an innocuous update to a mundane App that has no permissions can root your phone if it's one of the affected models (including at least the international version of the Note 2's, but I am not sure T-Mobile's is one of them - I have my doubts but I don't know for certain). Once they have root access, they can do, well, anything really, including brick your phone.
Now that this bug is known, anyone could exploit it even using something legitimate that they "update". So, just to be on the safe side, you might wish to consider:-
1. No new Apps, not even from the PlayStore.
2. Disabling AUTO-UPDATE of Apps you have installed. All of them. Note if you are like me, you have auto update disabled as default, but may have set auto-update on a couple of really trusted ones (google Apps were ones I trust defacto, coz I just do). I went through my entire list of Apps and disabled Auto-update on the few that were previously set. Not a quick job on the Note 2, sorry! (Faster on my Note 10.1 though - also potentially affected by this terrible security flaw).
3. No new Apps, and no updating of Apps. (It's such a good suggestion I thought I'd state it twice!).
If you have a rooted phone, there's already a patch to fix this, but as always with a rooted App, it comes with a few risks. As such, I am not even going to put a link up: if you have rooted your phone, you don't need anything from me (the App that fixes the security flaw also roots your phone in one single step - a rooter's dream, but one us mere mortals probably fear).
Not a good day for Samsung/component security bugs, but as always, this too shall pass. 
Maybe the buggers at Update Center will get of their butts and make an effort to roll out some friggin updates. Hint hint.
Andrew